Project

General

Profile

Actions

Feature #77790

closed

Allow "entryPointLevel" as parameter in "Application" constructor

Added by Markus Hölzle about 8 years ago. Updated about 7 years ago.

Status:
Rejected
Priority:
Should have
Category:
-
Target version:
-
Start date:
2016-09-02
Due date:
% Done:

0%

Estimated time:
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

If you need your own index.php script because you want to start TYPO3 from a subdirectory (for security reasons for example) then you have to extend the class "\TYPO3\CMS\Frontend\Http\Application" to overwrite the "protected $entryPointLevel".

class MyApplication extends \TYPO3\CMS\Frontend\Http\Application
{
    protected $entryPointLevel = 1;
}
(new MyApplication($classLoader))->run();

This would be much easier if you can use the Application class from the core with just an extra parameter:

(new \TYPO3\CMS\Frontend\Http\Application($classLoader, 1))->run();
Actions #1

Updated by Gerrit Code Review about 8 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/49763

Actions #2

Updated by Andreas Wolf about 8 years ago

  • Status changed from Under Review to Needs Feedback

I also let TYPO3 run in a subdirectory, and it works without any additional configuration. Can you specify why we would need your change?

Actions #3

Updated by Markus Hölzle about 8 years ago

  • Status changed from Needs Feedback to Under Review

Just the index.php run in a (public accessible) subdirectory. The TYPO3 source is in the (not accessible) parent directory for example. This directory structure is known from other systems like neos and does not allow any public access to any source files of TYPO3 or the extensions.
The whole idea of this security thinking is described in this blog post: http://insight.helhum.io/post/102899003500/delivering-a-more-secure-frontend-with-typo3-cms

From the technical point of view this variable "$entryPointLevel" in the "Application" class is reserved for this, but can only be changed by extending this class (until now).
(In TYPO3 7 the variable is named "$entryPointPath" and contains a string with the path to the public subdirectory, maybe we should backport this?)

Actions #4

Updated by Gerrit Code Review over 7 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/49763

Actions #5

Updated by Gerrit Code Review about 7 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/49763

Actions #6

Updated by Benni Mack about 7 years ago

  • Status changed from Under Review to Rejected
Actions

Also available in: Atom PDF