Project

General

Profile

Actions
Copy link

Bug #58372

closed

TYPO3_SSL check with reverseProxySSL

Added by Félix Horro Pita over 10 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
-
Target version:
-
Start date:
2014-04-30
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

Function getIndpEnv on t3lib/class.t3lib_div.php checks if the session uses https.
If you are behind a SSL Proxy, it compares getIndpEnv('REMOTE_ADDR') with the proxy IP, but getIndpEnv('REMOTE_ADDR') is the client IP, so it has no sense.

It must compare $_SERVER['REMOTE_ADDR'] with proxy IP (as it does finding proxy prefix).

Proposal fix attached as patch file.

Files

class.t3lib_div.patch (599 Bytes) class.t3lib_div.patch Félix Horro Pita, 2014-04-30 19:21
Actions
Copy link
 #1

Updated by Frederic Gaus over 9 years ago

  • Status changed from New to Resolved

This used to be fixed. The code has changed a bit in the meantime and is now located at /typo3/sysext/core/Classes/Utility/GeneralUtility.php:3448

There it says: 

                if ($proxySSL == '*') {
                    $proxySSL = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'];
                }
                if (self::cmpIP($_SERVER['REMOTE_ADDR'], $proxySSL)) {
                    $retVal = TRUE;
                } else {
                    $retVal = $_SERVER['SSL_SESSION_ID'] || strtolower($_SERVER['HTTPS']) === 'on' || (string)$_SERVER['HTTPS'] === '1' ? TRUE : FALSE;
                }
                break;

So your patch is more or less included. This is why I solve this issue. If you think that this issue is not fixed yet, please be so kind and reopen a new task!

Actions
Copy link
 #2

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF