tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-07-01 17:09:38 +02:00
Code Issues Projects Releases Wiki Activity

[CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution

Browse Source
This commit is contained in:
Serge Latyntcev 2019-09-24 11:14:14 +12:00 committed by Aaron Carlino
parent 569237c0f4
commit 5af205993d
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Security/InheritedPermissions.php
View File

@ -737,6 +737,7 @@ class InheritedPermissions implements PermissionChecker, MemberCacheFlusher
*/ */
protected function generateCacheKey($type, $memberID) protected function generateCacheKey($type, $memberID)
{ {
return "{$type}-{$memberID}"; $classKey = str_replace('\\', '-', $this->baseClass);
return "{$type}-{$classKey}-{$memberID}";
} }
} }