From 87478b2c5ee2460d5d90557814c5c6654eed2302 Mon Sep 17 00:00:00 2001
From: Sam Minnee
Date: Sun, 7 Jun 2009 23:07:25 +0000
Subject: [PATCH] BUGFIX: Don't allow the use of get-var ?isDev=1 when security DB isn't available.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@78544 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
core/control/Director.php | 11 ++++++++++-
core/model/DB.php | 16 ++++++++++++++++
2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/core/control/Director.php b/core/control/Director.php
index 630c56c57..14563ccfd 100644
--- a/core/control/Director.php
+++ b/core/control/Director.php
@@ -764,13 +764,22 @@ class Director { * For information about environment types, see {@link Director::set_environment_type()}. */ static function isDev() { + // This variable is used to supress repetitions of the isDev security message below. + static $firstTimeCheckingGetVar = true; + // Use ?isDev=1 to get development access on the live server if(isset($_GET['isDev'])) { if(Security::database_is_ready()) { BasicAuth::requireLogin("SilverStripe developer access. Use your CMS login", "ADMIN"); $_SESSION['isDev'] = $_GET['isDev']; } else { - return true; + if($firstTimeCheckingGetVar && DB::connection_attempted()) { + echo "

Sorry, you can't use ?isDev=1 until your + Member and Group tables database are available. Perhaps your database + connection is failing?

"; + $firstTimeCheckingGetVar = false; + } } }
diff --git a/core/model/DB.php b/core/model/DB.php
index d7ee21609..0fa357890 100755
--- a/core/model/DB.php
+++ b/core/model/DB.php
@@ -18,6 +18,11 @@ class DB { */ public static $lastQuery; + /** + * Internal flag to keep track of when db connection was attempted. + */ + private static $connection_attempted = false; + /** * Set the global database connection. * Pass an object that's a subclass of Database. This object will be used when {@link DB::query()}
@@ -65,6 +70,8 @@ class DB { if(!isset($databaseConfig['type']) || empty($databaseConfig['type'])) { user_error("DB::connect: Not passed a valid database config", E_USER_ERROR); } + + self::$connection_attempted = true; if (isset($databaseConfig['pdo']) && $databaseConfig['pdo']) { // TODO:pkrenn_remove $conn = new PDODatabase($databaseConfig); } else { // TODO:pkrenn_remove begin
@@ -73,6 +80,15 @@ class DB { } // TODO:pkrenn_remove end DB::setConn($conn); } + + /** + * Returns true if a database connection has been attempted. + * In particular, it lets the caller know if we're still so early in the execution pipeline that + * we haven't even tried to connect to the database yet. + */ + public static function connection_attempted() { + return self::$connection_attempted; + } /** * Build the connection string from input.
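Review bot: The new `echo` in the `else` branch of `isDev()` writes straight into the response for any unauthenticated request carrying `?isDev`, so an anonymous visitor is told that the Member/Group tables or the database connection are unavailable, and the output may land before headers are sent. Dropping `return true;` so the check fails closed is the right call, but the diagnostic is better kept server-side, e.g. `error_log("?isDev ignored: security database not ready");`, with at most a generic notice to the client. The comment on the static flag has a typo (`supress`) and could state the reason for the flag, e.g. `// Report the refusal only once per request, however often isDev() is called.` The body of `isDev()` continues past the end of this hunk, so it is worth confirming that nothing below treats the bare GET variable as sufficient for dev access.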
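Review bot: `self::$connection_attempted` is set only inside `DB::connect()`, so a connection installed by calling `DB::setConn()` directly (as `connect()` itself does at the end of the next hunk) would leave the flag false, and `Director::isDev()` would then stay silent about a refused `?isDev`. If that is intended, a comment at the assignment would make the semantics explicit, e.g. `// Set before the driver is constructed so a failed connection still counts as attempted.`; otherwise consider setting the flag in `setConn()` as well. Whether `setConn()` is reachable from outside the class is not visible here, and `connect()` starts and ends outside this hunk.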