Feature #77790
closed
Allow "entryPointLevel" as parameter in "Application" constructor
Added by Markus Hölzle about 8 years ago.
Updated about 7 years ago.
Description
If you need your own index.php script because you want to start TYPO3 from a subdirectory (for security reasons for example) then you have to extend the class "\TYPO3\CMS\Frontend\Http\Application" to overwrite the "protected $entryPointLevel".
class MyApplication extends \TYPO3\CMS\Frontend\Http\Application
{
protected $entryPointLevel = 1;
}
(new MyApplication($classLoader))->run();
This would be much easier if you can use the Application class from the core with just an extra parameter:
(new \TYPO3\CMS\Frontend\Http\Application($classLoader, 1))->run();
- Status changed from New to Under Review
- Status changed from Under Review to Needs Feedback
I also let TYPO3 run in a subdirectory, and it works without any additional configuration. Can you specify why we would need your change?
- Status changed from Needs Feedback to Under Review
Just the index.php run in a (public accessible) subdirectory. The TYPO3 source is in the (not accessible) parent directory for example. This directory structure is known from other systems like neos and does not allow any public access to any source files of TYPO3 or the extensions.
The whole idea of this security thinking is described in this blog post: http://insight.helhum.io/post/102899003500/delivering-a-more-secure-frontend-with-typo3-cms
From the technical point of view this variable "$entryPointLevel" in the "Application" class is reserved for this, but can only be changed by extending this class (until now).
(In TYPO3 7 the variable is named "$entryPointPath" and contains a string with the path to the public subdirectory, maybe we should backport this?)
- Status changed from Under Review to Rejected
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by