mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
[CVE-2020-6164] Remove/deprecate unused controllers that can potentially give away some information about the underlying project.
parent
8518987cbd
commit
cce2b16309
10
.upgrade.yml
10
.upgrade.yml
@ -205,8 +205,6 @@ mappings:
|
|||||||
FunctionalTest: SilverStripe\Dev\FunctionalTest
|
FunctionalTest: SilverStripe\Dev\FunctionalTest
|
||||||
InstallerTest: SilverStripe\Dev\InstallerTest
|
InstallerTest: SilverStripe\Dev\InstallerTest
|
||||||
MigrationTask: SilverStripe\Dev\MigrationTask
|
MigrationTask: SilverStripe\Dev\MigrationTask
|
||||||
SapphireInfo: SilverStripe\Dev\SapphireInfo
|
|
||||||
SapphireREPL: SilverStripe\Dev\SapphireREPL
|
|
||||||
SapphireTest: SilverStripe\Dev\SapphireTest
|
SapphireTest: SilverStripe\Dev\SapphireTest
|
||||||
TaskRunner: SilverStripe\Dev\TaskRunner
|
TaskRunner: SilverStripe\Dev\TaskRunner
|
||||||
TestMailer: SilverStripe\Dev\TestMailer
|
TestMailer: SilverStripe\Dev\TestMailer
|
||||||
@ -1016,6 +1014,14 @@ warnings:
|
|||||||
message: 'Use SilverStripe\CMS\BatchActions\CMSBatchAction_Archive instead'
|
message: 'Use SilverStripe\CMS\BatchActions\CMSBatchAction_Archive instead'
|
||||||
'EncryptAllPasswordsTask':
|
'EncryptAllPasswordsTask':
|
||||||
message: 'Removed'
|
message: 'Removed'
|
||||||
|
'SapphireInfo':
|
||||||
|
message: 'Removed'
|
||||||
|
'SilverStripe\Dev\SapphireREPL':
|
||||||
|
message: 'Removed'
|
||||||
|
'SilverStripe\Dev\SapphireInfo':
|
||||||
|
message: 'Deprecated'
|
||||||
|
'SilverStripe\Dev\InstallerTest':
|
||||||
|
message: 'Deprecated'
|
||||||
methods:
|
methods:
|
||||||
'SilverStripe\Security\Authenticator::register()':
|
'SilverStripe\Security\Authenticator::register()':
|
||||||
message: 'Custom authenticators work differently now'
|
message: 'Custom authenticators work differently now'
|
||||||
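Review bot: The new `warnings` entries cover the legacy class name `SapphireInfo` but not the legacy name `SapphireREPL`, although the first hunk drops both lines from `mappings`. A project that still refers to the un-namespaced `SapphireREPL` would presumably get neither a rewrite nor a warning from the upgrader, and the class itself is deleted elsewhere in this commit. I would add `'SapphireREPL':` with `message: 'Removed'` next to the `'SapphireInfo':` entry. It is also worth confirming that `'SapphireInfo'` is meant to say 'Removed' while `'SilverStripe\Dev\SapphireInfo'` says 'Deprecated'; presumably the former refers to the dropped mapping rather than to the class.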
|
@ -14,10 +14,6 @@ SilverStripe\Control\Director:
|
|||||||
'Security//$Action/$ID/$OtherID': SilverStripe\Security\Security
|
'Security//$Action/$ID/$OtherID': SilverStripe\Security\Security
|
||||||
'CMSSecurity//$Action/$ID/$OtherID': SilverStripe\Security\CMSSecurity
|
'CMSSecurity//$Action/$ID/$OtherID': SilverStripe\Security\CMSSecurity
|
||||||
'dev': SilverStripe\Dev\DevelopmentAdmin
|
'dev': SilverStripe\Dev\DevelopmentAdmin
|
||||||
'interactive': SilverStripe\Dev\SapphireREPL
|
|
||||||
'InstallerTest//$Action/$ID/$OtherID': SilverStripe\Dev\InstallerTest
|
|
||||||
'SapphireInfo//$Action/$ID/$OtherID': SilverStripe\Dev\SapphireInfo
|
|
||||||
'SapphireREPL//$Action/$ID/$OtherID': SilverStripe\Dev\SapphireREPL
|
|
||||||
---
|
---
|
||||||
Name: security-limited
|
Name: security-limited
|
||||||
After:
|
After:
|
||||||
|
@ -6,6 +6,7 @@ use SilverStripe\Control\Controller;
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Simple controller that the installer uses to test that URL rewriting is working.
|
* Simple controller that the installer uses to test that URL rewriting is working.
|
||||||
|
* @deprecated 4.4.7 This class will be removed in Silverstripe Framework 5.
|
||||||
*/
|
*/
|
||||||
class InstallerTest extends Controller
|
class InstallerTest extends Controller
|
||||||
{
|
{
|
||||||
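Review bot: The added `@deprecated` line gives no reason and no replacement, and the same applies to the identical line added to `SapphireInfo`. Since the commit title ties both classes to CVE-2020-6164, the docblock should say so, e.g. `@deprecated 4.4.7 No longer routed by default as it can reveal project details (CVE-2020-6164); will be removed in Silverstripe Framework 5.` Both classes stay loadable, so a project that declares its own `Director` rule for them would presumably keep the endpoint reachable; a sentence telling maintainers to check their route config would help. The class bodies lie outside these hunks, so any access checks inside them are not visible here.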
|
@ -9,6 +9,7 @@ use SilverStripe\Security\Security;
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns information about the current site instance.
|
* Returns information about the current site instance.
|
||||||
|
* @deprecated 4.4.7 This class will be removed in Silverstripe Framework 5.
|
||||||
*/
|
*/
|
||||||
class SapphireInfo extends Controller
|
class SapphireInfo extends Controller
|
||||||
{
|
{
|
||||||
|
@ -1,110 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
namespace SilverStripe\Dev;
|
|
||||||
|
|
||||||
use SilverStripe\Control\Controller;
|
|
||||||
use SilverStripe\Control\Director;
|
|
||||||
use Exception;
|
|
||||||
|
|
||||||
/* Don't actually define these, since it'd clutter up the namespace.
|
|
||||||
define('1',E_ERROR);
|
|
||||||
define('2',E_WARNING);
|
|
||||||
define('4',E_PARSE);
|
|
||||||
define('8',E_NOTICE);
|
|
||||||
define('16',E_CORE_ERROR);
|
|
||||||
define('32',E_CORE_WARNING);
|
|
||||||
define('64',E_COMPILE_ERROR);
|
|
||||||
define('128',E_COMPILE_WARNING);
|
|
||||||
define('256',E_USER_ERROR);
|
|
||||||
define('512',E_USER_WARNING);
|
|
||||||
define('1024',E_USER_NOTICE);
|
|
||||||
define('2048',E_STRICT);
|
|
||||||
define('4096',E_RECOVERABLE_ERROR);
|
|
||||||
define('8192',E_DEPRECATED);
|
|
||||||
define('16384',E_USER_DEPRECATED);
|
|
||||||
define('30719',E_ALL);
|
|
||||||
*/
|
|
||||||
/**
|
|
||||||
*/
|
|
||||||
class SapphireREPL extends Controller
|
|
||||||
{
|
|
||||||
|
|
||||||
private static $allowed_actions = array(
|
|
||||||
'index'
|
|
||||||
);
|
|
||||||
|
|
||||||
public function error_handler($errno, $errstr, $errfile, $errline, $errctx)
|
|
||||||
{
|
|
||||||
// Ignore unless important error
|
|
||||||
if (($errno & ~( 2048 | 8192 | 16384 )) == 0) {
|
|
||||||
return ;
|
|
||||||
}
|
|
||||||
// Otherwise throw exception to handle in REPL loop
|
|
||||||
throw new Exception(sprintf("%s:%d\r\n%s", $errfile, $errline, $errstr));
|
|
||||||
}
|
|
||||||
|
|
||||||
public function index()
|
|
||||||
{
|
|
||||||
if (!Director::is_cli()) {
|
|
||||||
return "The SilverStripe Interactive Command-line doesn't work in a web browser."
|
|
||||||
. " Use 'sake interactive' from the command-line to run.";
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/* Try using PHP_Shell if it exists */
|
|
||||||
@include 'php-shell-cmd.php' ;
|
|
||||||
|
|
||||||
/* Fall back to our simpler interface */
|
|
||||||
if (empty($__shell)) {
|
|
||||||
set_error_handler(array($this, 'error_handler'));
|
|
||||||
|
|
||||||
echo "SilverStripe Interactive Command-line (REPL interface). Type help for hints.\n\n";
|
|
||||||
while (true) {
|
|
||||||
echo CLI::text("?> ", "cyan");
|
|
||||||
echo CLI::start_colour("yellow");
|
|
||||||
$command = trim(fgets(STDIN, 4096));
|
|
||||||
echo CLI::end_colour();
|
|
||||||
|
|
||||||
if ($command == 'help' || $command == '?') {
|
|
||||||
print "help or ? to exit\n" ;
|
|
||||||
print "quit or \q to exit\n" ;
|
|
||||||
print "install PHP_Shell for a more advanced interface with"
|
|
||||||
. " auto-completion and readline support\n\n" ;
|
|
||||||
continue ;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($command == 'quit' || $command == '\q') {
|
|
||||||
break ;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Simple command processing
|
|
||||||
if (substr($command, -1) == ';') {
|
|
||||||
$command = substr($command, 0, -1);
|
|
||||||
}
|
|
||||||
$is_print = preg_match('/^\s*print/i', $command);
|
|
||||||
$is_return = preg_match('/^\s*return/i', $command);
|
|
||||||
if (!$is_print && !$is_return) {
|
|
||||||
$command = "return ($command)";
|
|
||||||
}
|
|
||||||
$command .= ";";
|
|
||||||
|
|
||||||
try {
|
|
||||||
$result = eval($command);
|
|
||||||
if (!$is_print) {
|
|
||||||
print_r($result);
|
|
||||||
}
|
|
||||||
echo "\n";
|
|
||||||
} catch (Exception $__repl_exception) {
|
|
||||||
echo CLI::start_colour("red");
|
|
||||||
printf(
|
|
||||||
'%s (code: %d) got thrown' . PHP_EOL,
|
|
||||||
get_class($__repl_exception),
|
|
||||||
$__repl_exception->getCode()
|
|
||||||
);
|
|
||||||
print $__repl_exception;
|
|
||||||
echo "\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|