[ss-2015-028] Block unauthenticated access to dev/build/defaults

Damian Mooyman 2016-02-17 17:30:51 +13:00
parent f32302522c
commit 5d2fc0d7ca


@ -34,7 +34,8 @@ class DevelopmentAdmin extends Controller {
parent::init();
// Special case for dev/build: Defer permission checks to DatabaseAdmin->init() (see #4957)
$requestedDevBuild = (stripos($this->request->getURL(), 'dev/build') === 0);
$requestedDevBuild = (stripos($this->getRequest()->getURL(), 'dev/build') === 0)
&& (stripos($this->getRequest()->getURL(), 'dev/build/defaults') === false);
// We allow access to this controller regardless of live-status or ADMIN permission only
// if on CLI. Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
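Review bot: The new condition on `$requestedDevBuild` works as a deny-list: any URL that merely starts with `dev/build` still has its permission check deferred, and only the one known sub-path is carved out by a substring test. Whether DatabaseAdmin->init() enforces access for every other sub-action cannot be seen from this hunk, so if nothing else under dev/build needs the deferral an exact match is the safer default, e.g. `$requestedDevBuild = (strcasecmp(rtrim($this->getRequest()->getURL(), '/'), 'dev/build') === 0);`. The comment above the assignment should also record the exception so that it is not dropped in a later refactor, e.g. `// dev/build/defaults is not deferred and must pass the check below (ss-2015-028)`. init() starts and ends outside the hunk, so the `$canAccess` logic that consumes this flag is not visible here.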