Bug #23121
closed
Login to backend fails with IPv6 Address as HTTP_HOST
0%
Description
When one is trying to log into the backend with an IPv6 Address like http://[::1]/typo3/, a RuntimeException is thrown in class.t3lib_userauth.php::checkAuthentication() because "this host address" mismatches the "referer host".
The error lies in t3lib_div::getIndpEnv().
In case of t3lib_div::getIndpEnv('TYPO3_HOST_ONLY') the HTTP_HOST is treated as IPv4 and therefore explode()ed at the colon(s). The first element of the resulting array is used as the TYPO3_HOST_ONLY value.
Because IPv6 Addresses can and do have several colons, I extended t3lib_div::getIndpEnv() at the appropriate places. This includes TYPO3_PORT.
Patch (hopefully working) and unit test included.
(issue imported from #M15034)
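The host mismatch described in this report, as an added example that is not part of the original issue or of the attached patches: it contrasts splitting HTTP_HOST at the colon with a bracket-aware split and compares each result against the host of the Referer. The function names naiveHostOnly and splitHostAndPort and the sample header values are constructed for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not TYPO3 core code.

// Behaviour described in the report: HTTP_HOST is split at the colon(s)
// and the first element is taken as the host.
function naiveHostOnly(string $httpHost): string
{
    return explode(':', $httpHost)[0];
}

// Bracket-aware split: an IPv6 literal ends at ']', and only a colon
// directly after that bracket introduces the port.
function splitHostAndPort(string $httpHost): array
{
    if ($httpHost !== '' && $httpHost[0] === '[') {
        $end = strpos($httpHost, ']');
        if ($end === false) {
            throw new InvalidArgumentException('Unterminated IPv6 literal');
        }
        $host = substr($httpHost, 0, $end + 1);
        $rest = (string) substr($httpHost, $end + 1);   // '' or ':port'
    } else {
        $pos  = strpos($httpHost, ':');
        $host = $pos === false ? $httpHost : substr($httpHost, 0, $pos);
        $rest = $pos === false ? '' : substr($httpHost, $pos);
    }
    // Reject anything after the host that is not ':digits'.
    if ($rest !== '' && !preg_match('/^:\d{1,5}$/', $rest)) {
        throw new InvalidArgumentException('Malformed port');
    }
    return ['host' => $host, 'port' => (string) substr($rest, 1)];
}

// Constructed samples: HTTP_HOST value and the Referer sent with the login.
$samples = [
    ['localhost:8080', 'http://localhost:8080/typo3/'],
    ['[::1]',          'http://[::1]/typo3/'],
    ['[::1]:8080',     'http://[::1]:8080/typo3/'],
];
foreach ($samples as [$httpHost, $referer]) {
    $refererHost = parse_url($referer, PHP_URL_HOST);
    $naive = naiveHostOnly($httpHost);
    $fixed = splitHostAndPort($httpHost);
    printf("%-15s naive=%-10s match=%-3s fixed=%-10s port=%-5s match=%s\n",
        $httpHost, $naive, $naive === $refererHost ? 'yes' : 'no',
        $fixed['host'], $fixed['port'], $fixed['host'] === $refererHost ? 'yes' : 'no');
}
```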
Updated by Roland Schenke almost 14 years ago
patch useless, forgot some essential code... sorry
Updated by Roland Schenke almost 14 years ago
sorry for the confusion, it's my very first bugfix to the core :-)
15034v3.patch should correctly recognize both IPv4 and IPv6 for TYPO3_HOST_ONLY and TYPO3_PORT
includes revised unit test in 15034v3_UnitTest.patch
Updated by Nikolas Hagelstein almost 14 years ago
Regarding the test:
Could you use 2 dataproviders instead of a bunch of asserts?
Updated by Roland Schenke almost 14 years ago
@Nikolas Hagelstein thanks for pointing that out
uploaded 15034v5_UnitTest.patch using dataProvider
Updated by Steffen Gebert almost 14 years ago
Thanks for your patch, Roland!
By reading I see the following CGL glitches:
- Space after "," as argument separator is sometimes missing
self::getIndpEnv('HTTP_HOST'),']:')
should be
self::getIndpEnv('HTTP_HOST'), ']:')
- Comments should be indented by one Tab
I'm unsure, how to handle according to CGL
} // blabla else {
Please remove the commented out lines:
+ //$p = explode(':',self::getIndpEnv('HTTP_HOST'));
+ //$retVal = $p0;
Updated patch attached.
Think you should send it to the Core list!
Updated by Roland Schenke almost 14 years ago
thanks Steffen Gebert!
posted to core list and tagged as "pending in core list"
Updated by Roland Schenke almost 14 years ago
15034_v5.diff contains a better approach with less code
Updated by Roland Schenke almost 14 years ago
15034_v6.diff removed 2 CGL issues
big thanks to Caspar!
Updated by Roland Schenke almost 14 years ago
15034_v7.diff with the latest recommendations from the core list
and improved human readability for the unit test
Updated by Christian Kuhn over 13 years ago
- trunk rev. 9971
- 4.4 rev. 9972
- 4.3 rev. 9973