From 45c68d6821576eb694df6565c75c0bf5fb363ebf Mon Sep 17 00:00:00 2001
From: Ingo Schommer <ingo@silverstripe.com>
Date: Tue, 12 Feb 2013 23:21:13 +0100
Subject: [PATCH] API Require ADMIN for ?showtemplate=1

---
 core/SSViewer.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/SSViewer.php b/core/SSViewer.php
index af033bebc..d10f6f6cb 100755
--- a/core/SSViewer.php
+++ b/core/SSViewer.php
@@ -401,7 +401,7 @@ class SSViewer {
 		}
 	
 		
-		if(isset($_GET['showtemplate']) && !Director::isLive()) {
+		if(isset($_GET['showtemplate']) && $_GET['showtemplate'] && Permission::check('ADMIN')) {
 			$lines = file($cacheFile);
 			echo "<h2>Template: $cacheFile</h2>";
 			echo "<pre>";
@@ -680,7 +680,7 @@ class SSViewer_FromString extends SSViewer {
 		fwrite($fh, $template);
 		fclose($fh);
 
-		if(isset($_GET['showtemplate']) && $_GET['showtemplate']) {
+		if(isset($_GET['showtemplate']) && $_GET['showtemplate'] && Permission::check('ADMIN')) {
 			$lines = file($tmpFile);
 			echo "<h2>Template: $tmpFile</h2>";
 			echo "<pre>";