tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

#1586 - Object.php contains request parameter 'debugmethods'

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@44487 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Andrew O'Neil 2007-11-07 23:46:00 +00:00
parent 5d74baf7c8
commit f7127c90bc
2 changed files with 49 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
core/Debug.php
View File

@ -272,7 +272,53 @@ class Debug {
return $funcName; return $funcName;
} }
/**
* Check if the user has permissions to run URL debug tools,
* else redirect them to log in.
*/
static function require_developer_login() {
if(Director::isDev()) {
return;
}
if(isset($_SESSION['loggedInAs'])) {
// We have to do some raw SQL here, because this method is called in Object::defineMethods().
// This means we have to be careful about what objects we create, as we don't want Object::defineMethods()
// being called again.
// This basically calls Permission::checkMember($_SESSION['loggedInAs'], 'ADMIN');
$memberID = $_SESSION['loggedInAs'];
$groups = DB::query("SELECT GroupID from Group_Members WHERE MemberID=" . $memberID);
$groupCSV = implode($groups->column(), ',');
$permission = DB::query("
SELECT ID
FROM Permission
WHERE (
Code = 'ADMIN'
AND Type = " . Permission::GRANT_PERMISSION . "
AND GroupID IN ($groupCSV)
)
")->value();
if($permission) {
return;
}
}
// This basically does the same as
// Security::permissionFailure(null, "You need to login with developer access to make use of debugging tools.");
// We have to do this because of how early this method is called in execution.
$_SESSION['Security']['Message']['message'] = "You need to login with developer access to make use of debugging tools.";
$_SESSION['Security']['Message']['type'] = 'warning';
$_SESSION['BackURL'] = $_SERVER['REQUEST_URI'];
header("HTTP/1.1 302 Found");
header("Location: " . Director::baseURL() . "Security/login");
die();
}
} }
function errorHandler($errno, $errstr, $errfile, $errline, $errcontext) { function errorHandler($errno, $errstr, $errfile, $errline, $errcontext) {
switch($errno) { switch($errno) {
case E_ERROR: case E_ERROR:
@ -288,4 +334,4 @@ function errorHandler($errno, $errstr, $errfile, $errline, $errcontext) {
break; break;
} }
} }
?> ?>

3
core/Object.php
View File

@ -267,6 +267,7 @@ class Object {
} }
if(isset($_REQUEST['debugmethods']) && isset(Object::$builtInMethods[$this->class])) { if(isset($_REQUEST['debugmethods']) && isset(Object::$builtInMethods[$this->class])) {
Debug::require_developer_login();
echo "<h2>Methods defined for $this->class</h2>"; echo "<h2>Methods defined for $this->class</h2>";
foreach(Object::$builtInMethods[$this->class] as $name => $info) { foreach(Object::$builtInMethods[$this->class] as $name => $info) {
echo "<li>$name"; echo "<li>$name";
@ -424,4 +425,4 @@ class Object {
* // ENFORCE STRONG_CREATE * // ENFORCE STRONG_CREATE
*/ */
Object::useCustomClass('Datetime','SSDatetime',true); Object::useCustomClass('Datetime','SSDatetime',true);
?> ?>