tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

[CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution

Browse Source
This commit is contained in:
Serge Latyntcev 2019-09-24 11:14:14 +12:00 committed by Aaron Carlino
parent eccfa9b10d
commit 8b7063a8e2
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Security/InheritedPermissions.php
View File

@ -752,6 +752,7 @@ class InheritedPermissions implements PermissionChecker, MemberCacheFlusher
*/ */
protected function generateCacheKey($type, $memberID) protected function generateCacheKey($type, $memberID)
{ {
return "{$type}-{$memberID}"; $classKey = str_replace('\\', '-', $this->baseClass);
return "{$type}-{$classKey}-{$memberID}";
} }
} }