mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
BUGFIX: Don't allow the use of get-var ?isDev=1 when security DB isn't available.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@78544 467b73ca-7a2a-4603-9d3b-597d59a354a9
parent
bfaa938897
commit
87478b2c5e
@ -764,13 +764,22 @@ class Director {
|
|||||||
* For information about environment types, see {@link Director::set_environment_type()}.
|
* For information about environment types, see {@link Director::set_environment_type()}.
|
||||||
*/
|
*/
|
||||||
static function isDev() {
|
static function isDev() {
|
||||||
|
// This variable is used to supress repetitions of the isDev security message below.
|
||||||
|
static $firstTimeCheckingGetVar = true;
|
||||||
|
|
||||||
// Use ?isDev=1 to get development access on the live server
|
// Use ?isDev=1 to get development access on the live server
|
||||||
if(isset($_GET['isDev'])) {
|
if(isset($_GET['isDev'])) {
|
||||||
if(Security::database_is_ready()) {
|
if(Security::database_is_ready()) {
|
||||||
BasicAuth::requireLogin("SilverStripe developer access. Use your CMS login", "ADMIN");
|
BasicAuth::requireLogin("SilverStripe developer access. Use your CMS login", "ADMIN");
|
||||||
$_SESSION['isDev'] = $_GET['isDev'];
|
$_SESSION['isDev'] = $_GET['isDev'];
|
||||||
} else {
|
} else {
|
||||||
return true;
|
if($firstTimeCheckingGetVar && DB::connection_attempted()) {
|
||||||
|
echo "<p style=\"padding: 3px; margin: 3px; background-color: orange;
|
||||||
|
color: white; font-weight: bold\">Sorry, you can't use ?isDev=1 until your
|
||||||
|
Member and Group tables database are available. Perhaps your database
|
||||||
|
connection is failing?</p>";
|
||||||
|
$firstTimeCheckingGetVar = false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
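Review bot: The `echo` in the new `else` branch writes an HTML notice into the response for any request carrying `?isDev=1`, without any login, so an anonymous visitor learns that the Member and Group tables are unreachable. Printing from a predicate like isDev() can also emit output before headers are sent. I would report this through the error handler instead, e.g. `user_error("?isDev=1 ignored: Member and Group tables are not available", E_USER_WARNING);`, keeping the `$firstTimeCheckingGetVar` guard; whether that reaches the browser then depends on the site's error display settings. The message wording ("tables database are available") and the comment's "supress" are also worth tidying. isDev() continues below the hunk, so how the function resolves after this branch is not visible here.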
@ -18,6 +18,11 @@ class DB {
|
|||||||
*/
|
*/
|
||||||
public static $lastQuery;
|
public static $lastQuery;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Internal flag to keep track of when db connection was attempted.
|
||||||
|
*/
|
||||||
|
private static $connection_attempted = false;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set the global database connection.
|
* Set the global database connection.
|
||||||
* Pass an object that's a subclass of Database. This object will be used when {@link DB::query()}
|
* Pass an object that's a subclass of Database. This object will be used when {@link DB::query()}
|
||||||
@ -65,6 +70,8 @@ class DB {
|
|||||||
if(!isset($databaseConfig['type']) || empty($databaseConfig['type'])) {
|
if(!isset($databaseConfig['type']) || empty($databaseConfig['type'])) {
|
||||||
user_error("DB::connect: Not passed a valid database config", E_USER_ERROR);
|
user_error("DB::connect: Not passed a valid database config", E_USER_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
self::$connection_attempted = true;
|
||||||
if (isset($databaseConfig['pdo']) && $databaseConfig['pdo']) { // TODO:pkrenn_remove
|
if (isset($databaseConfig['pdo']) && $databaseConfig['pdo']) { // TODO:pkrenn_remove
|
||||||
$conn = new PDODatabase($databaseConfig);
|
$conn = new PDODatabase($databaseConfig);
|
||||||
} else { // TODO:pkrenn_remove begin
|
} else { // TODO:pkrenn_remove begin
|
||||||
@ -73,6 +80,15 @@ class DB {
|
|||||||
} // TODO:pkrenn_remove end
|
} // TODO:pkrenn_remove end
|
||||||
DB::setConn($conn);
|
DB::setConn($conn);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns true if a database connection has been attempted.
|
||||||
|
* In particular, it lets the caller know if we're still so early in the execution pipeline that
|
||||||
|
* we haven't even tried to connect to the database yet.
|
||||||
|
*/
|
||||||
|
public static function connection_attempted() {
|
||||||
|
return self::$connection_attempted;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Build the connection string from input.
|
* Build the connection string from input.
|
||||||
|
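Review bot: `connection_attempted()` only reflects attempts made through `DB::connect()`, the one place in these hunks where `self::$connection_attempted = true;` is set. A connection installed by calling `DB::setConn()` directly would presumably leave it false, though setConn()'s body is outside the hunks. Director::isDev() now uses this flag to decide whether to report that the security tables are unavailable, so a false negative there silences the notice. Either set the flag in setConn() as well, or state the limit in the docblock with something like `* Only set by DB::connect(); a connection passed to DB::setConn() is not counted.` and add `* @return boolean`.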