API Require ADMIN for ?showtemplate=1

Ingo Schommer 2013-02-12 23:23:18 +01:00
parent 79eacb2439
commit d969e29d00
2 changed files with 9 additions and 1 deletions

@ -3,6 +3,14 @@
## Overview
* Changed `dev/tests/setdb` and `dev/tests/startsession` from session to cookie storage.
* Require ADMIN permissions for `?showtemplate=1`
## Details
### Require ADMIN permissions for `?showtemplate=1`
Avoids information leakage of compiled template data,
which might expose some of the internal template logic.
## Upgrading
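Review bot: The new entry under `### Require ADMIN permissions for ?showtemplate=1` explains why the check was added but not what changes for people who use the parameter. Add a sentence saying that `?showtemplate=1` now only produces the template dump for a logged-in user with the ADMIN permission and that the debug output is skipped for everyone else, so developers who used it without logging in know what to expect when upgrading.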

@ -821,7 +821,7 @@ class SSViewer {
* @return string - The result of executing the template
*/
protected function includeGeneratedTemplate($cacheFile, $item, $overlay, $underlay) {
if(isset($_GET['showtemplate']) && $_GET['showtemplate']) {
if(isset($_GET['showtemplate']) && $_GET['showtemplate'] && Permission::check('ADMIN')) {
$lines = file($cacheFile);
echo "<h2>Template: $cacheFile</h2>";
echo "<pre>";
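Review bot: The `Permission::check('ADMIN')` term added to the `if` condition has no test coverage; the commit changes two files, the changelog and this class, and neither is a test. Please add a test asserting that a request with `?showtemplate=1` from a user without ADMIN does not enter this branch, since a regression here reopens the information leak the changelog describes. The docblock above `includeGeneratedTemplate()` should also state that the debug output requires ADMIN. Separately, the unchanged line `echo "<h2>Template: $cacheFile</h2>";` writes the path into HTML unescaped; with the branch now admin-only the exposure is small, but escaping it would be cleaner.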