BUGFIX: Don't allow the use of get-var ?isDev=1 when security DB isn't available.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@78544 467b73ca-7a2a-4603-9d3b-597d59a354a9
parent
bfaa938897
commit
87478b2c5e
@ -764,13 +764,22 @@ class Director {
|
||||
* For information about environment types, see {@link Director::set_environment_type()}.
|
||||
*/
|
||||
static function isDev() {
|
||||
// This variable is used to supress repetitions of the isDev security message below.
|
||||
static $firstTimeCheckingGetVar = true;
|
||||
|
||||
// Use ?isDev=1 to get development access on the live server
|
||||
if(isset($_GET['isDev'])) {
|
||||
if(Security::database_is_ready()) {
|
||||
BasicAuth::requireLogin("SilverStripe developer access. Use your CMS login", "ADMIN");
|
||||
$_SESSION['isDev'] = $_GET['isDev'];
|
||||
} else {
|
||||
return true;
|
||||
if($firstTimeCheckingGetVar && DB::connection_attempted()) {
|
||||
echo "<p style=\"padding: 3px; margin: 3px; background-color: orange;
|
||||
color: white; font-weight: bold\">Sorry, you can't use ?isDev=1 until your
|
||||
Member and Group tables database are available. Perhaps your database
|
||||
connection is failing?</p>";
|
||||
$firstTimeCheckingGetVar = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
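Review bot: The `echo` in the new else branch of `Director::isDev()` writes HTML straight into the response from inside a predicate, and the only conditions visible here are that `?isDev=1` is present and a connection was attempted, so any unauthenticated request can make the site announce that its Member/Group tables or database connection are unavailable. Because the output is produced wherever `isDev()` happens to be called first, it can also land before headers are sent or inside a non-HTML response. I would send the notice through the error handling instead of the page body, clearing the flag first in case the handler itself consults `isDev()`: `$firstTimeCheckingGetVar = false;` followed by `user_error("?isDev=1 ignored: security database is not ready", E_USER_WARNING);`. The body of `isDev()` continues outside the hunk, so what the function returns after this branch cannot be confirmed from here.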
@ -18,6 +18,11 @@ class DB {
|
||||
*/
|
||||
public static $lastQuery;
|
||||
|
||||
/**
|
||||
* Internal flag to keep track of when db connection was attempted.
|
||||
*/
|
||||
private static $connection_attempted = false;
|
||||
|
||||
/**
|
||||
* Set the global database connection.
|
||||
* Pass an object that's a subclass of Database. This object will be used when {@link DB::query()}
|
||||
@ -65,6 +70,8 @@ class DB {
|
||||
if(!isset($databaseConfig['type']) || empty($databaseConfig['type'])) {
|
||||
user_error("DB::connect: Not passed a valid database config", E_USER_ERROR);
|
||||
}
|
||||
|
||||
self::$connection_attempted = true;
|
||||
if (isset($databaseConfig['pdo']) && $databaseConfig['pdo']) { // TODO:pkrenn_remove
|
||||
$conn = new PDODatabase($databaseConfig);
|
||||
} else { // TODO:pkrenn_remove begin
|
||||
@ -73,6 +80,15 @@ class DB {
|
||||
} // TODO:pkrenn_remove end
|
||||
DB::setConn($conn);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns true if a database connection has been attempted.
|
||||
* In particular, it lets the caller know if we're still so early in the execution pipeline that
|
||||
* we haven't even tried to connect to the database yet.
|
||||
*/
|
||||
public static function connection_attempted() {
|
||||
return self::$connection_attempted;
|
||||
}
|
||||
|
||||
/**
|
||||
* Build the connection string from input.
|
||||
|
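Review bot: The docblock on `DB::connection_attempted()` in the last hunk should say explicitly that a true result does not mean the connection succeeded, since `DB::connect()` sets the flag before the connection object is constructed and `Director::isDev()` now relies on it in an access-related path. I would add a line such as `* Note: true only means DB::connect() was called, not that the database is usable.` and an `@return boolean` tag. A matching `@var boolean` on `$connection_attempted` would keep the property documentation consistent with the rest of the class.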