tonyair
/
silverstripe-framework
mirror of https://github.com/silverstripe/silverstripe-framework
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution

This commit is contained in:
Serge Latyntcev 2019-09-24 11:14:14 +12:00 committed by Aaron Carlino
parent eccfa9b10d
commit 8b7063a8e2
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Security/InheritedPermissions.php
View File

@ -752,6 +752,7 @@ class InheritedPermissions implements PermissionChecker, MemberCacheFlusher
*/
protected function generateCacheKey($type, $memberID)
{
return "{$type}-{$memberID}";
$classKey = str_replace('\\', '-', $this->baseClass);
return "{$type}-{$classKey}-{$memberID}";
}
}