BUGFIX: Don't allow the use of get-var ?isDev=1 when security DB isn't available.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@78544 467b73ca-7a2a-4603-9d3b-597d59a354a9
Sam Minnee 2009-06-07 23:07:25 +00:00
parent bfaa938897
commit 87478b2c5e
2 changed files with 26 additions and 1 deletions


@ -764,13 +764,22 @@ class Director {
* For information about environment types, see {@link Director::set_environment_type()}.
*/
static function isDev() {
// This variable is used to supress repetitions of the isDev security message below.
static $firstTimeCheckingGetVar = true;
// Use ?isDev=1 to get development access on the live server
if(isset($_GET['isDev'])) {
if(Security::database_is_ready()) {
BasicAuth::requireLogin("SilverStripe developer access. Use your CMS login", "ADMIN");
$_SESSION['isDev'] = $_GET['isDev'];
} else {
return true;
if($firstTimeCheckingGetVar && DB::connection_attempted()) {
echo "<p style=\"padding: 3px; margin: 3px; background-color: orange;
color: white; font-weight: bold\">Sorry, you can't use ?isDev=1 until your
Member and Group tables database are available. Perhaps your database
connection is failing?</p>";
$firstTimeCheckingGetVar = false;
}
}
}
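Review bot: The new `else` branch echoes an HTML warning from inside `isDev()`, so any unauthenticated visitor who appends `?isDev=1` while the Member and Group tables are unreachable is told that the database connection is failing, and a predicate that writes to the response can break later header or redirect calls. I would record the condition server-side instead, for example `error_log('?isDev=1 ignored: security database not ready');`, keeping the static flag so it is logged once per request. With `return true;` removed, this branch now falls through to the rest of `isDev()`, which lies outside the hunk, so whether an existing `$_SESSION['isDev']` value can still grant dev mode on that path should be confirmed there.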


@ -18,6 +18,11 @@ class DB {
*/
public static $lastQuery;
/**
* Internal flag to keep track of when db connection was attempted.
*/
private static $connection_attempted = false;
/**
* Set the global database connection.
* Pass an object that's a subclass of Database. This object will be used when {@link DB::query()}
@ -65,6 +70,8 @@ class DB {
if(!isset($databaseConfig['type']) || empty($databaseConfig['type'])) {
user_error("DB::connect: Not passed a valid database config", E_USER_ERROR);
}
self::$connection_attempted = true;
if (isset($databaseConfig['pdo']) && $databaseConfig['pdo']) { // TODO:pkrenn_remove
$conn = new PDODatabase($databaseConfig);
} else { // TODO:pkrenn_remove begin
@ -73,6 +80,15 @@ class DB {
} // TODO:pkrenn_remove end
DB::setConn($conn);
}
/**
* Returns true if a database connection has been attempted.
* In particular, it lets the caller know if we're still so early in the execution pipeline that
* we haven't even tried to connect to the database yet.
*/
public static function connection_attempted() {
return self::$connection_attempted;
}
/**
* Build the connection string from input.