mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
[ss-2015-028] Block unauthenticated access to dev/build/defaults
This commit is contained in:
parent
af28b0a414
commit
15d4db3b4a
@ -33,7 +33,8 @@ class DevelopmentAdmin extends Controller {
|
||||
parent::init();
|
||||
|
||||
// Special case for dev/build: Defer permission checks to DatabaseAdmin->init() (see #4957)
|
||||
$requestedDevBuild = (stripos($this->getRequest()->getURL(), 'dev/build') === 0);
|
||||
$requestedDevBuild = (stripos($this->getRequest()->getURL(), 'dev/build') === 0)
|
||||
&& (stripos($this->getRequest()->getURL(), 'dev/build/defaults') === false);
|
||||
|
||||
// We allow access to this controller regardless of live-status or ADMIN permission only
|
||||
// if on CLI. Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
|
||||
|
Loading…
Reference in New Issue
Block a user