diff --git a/docs/en/changelogs/3.0.4.md b/docs/en/changelogs/3.0.4.md index fd9f55e1f..a9e5e4466 100644 --- a/docs/en/changelogs/3.0.4.md +++ b/docs/en/changelogs/3.0.4.md @@ -3,6 +3,14 @@ ## Overview * Changed `dev/tests/setdb` and `dev/tests/startsession` from session to cookie storage. + * Require ADMIN permissions for `?showtemplate=1` + +## Details + +### Require ADMIN permissions for `?showtemplate=1` + +Avoids information leakage of compiled template data, +which might expose some of the internal template logic. ## Upgrading diff --git a/view/SSViewer.php b/view/SSViewer.php index b3a315122..f1bb51b52 100644 --- a/view/SSViewer.php +++ b/view/SSViewer.php @@ -821,7 +821,7 @@ class SSViewer { * @return string - The result of executing the template */ protected function includeGeneratedTemplate($cacheFile, $item, $overlay, $underlay) { - if(isset($_GET['showtemplate']) && $_GET['showtemplate']) { + if(isset($_GET['showtemplate']) && $_GET['showtemplate'] && Permission::check('ADMIN')) { $lines = file($cacheFile); echo "

Template: $cacheFile

"; echo "
";
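Review bot: The new `Permission::check('ADMIN')` condition on the `showtemplate` branch of `includeGeneratedTemplate()` carries no inline comment saying why a debug switch needs a permission check, so a later refactor could drop it without noticing the disclosure it prevents. I would add `// Debug dump of the compiled template: ADMIN only, because it exposes internal template logic and the cache file path.` directly above the `if`. The guard is role-based only, so the dump stays reachable on live sites for any admin session; if that is not intended, also requiring dev mode (for example `Director::isDev()`) would narrow it, which is worth checking against how the project's other debug URL switches are gated. No test is visible in this diff asserting that an anonymous request with `?showtemplate=1` renders without the dump, and a regression test for that case would pin the fix. The function body continues past the end of the hunk, so the rest of the dump output is not reviewed here.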