mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
#1586 - Object.php contains request parameter 'debugmethods'
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@44487 467b73ca-7a2a-4603-9d3b-597d59a354a9
parent
5d74baf7c8
commit
f7127c90bc
@ -272,7 +272,53 @@ class Debug {
|
||||
|
||||
return $funcName;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the user has permissions to run URL debug tools,
|
||||
* else redirect them to log in.
|
||||
*/
|
||||
static function require_developer_login() {
|
||||
if(Director::isDev()) {
|
||||
return;
|
||||
}
|
||||
if(isset($_SESSION['loggedInAs'])) {
|
||||
// We have to do some raw SQL here, because this method is called in Object::defineMethods().
|
||||
// This means we have to be careful about what objects we create, as we don't want Object::defineMethods()
|
||||
// being called again.
|
||||
// This basically calls Permission::checkMember($_SESSION['loggedInAs'], 'ADMIN');
|
||||
|
||||
$memberID = $_SESSION['loggedInAs'];
|
||||
|
||||
$groups = DB::query("SELECT GroupID from Group_Members WHERE MemberID=" . $memberID);
|
||||
$groupCSV = implode($groups->column(), ',');
|
||||
|
||||
$permission = DB::query("
|
||||
SELECT ID
|
||||
FROM Permission
|
||||
WHERE (
|
||||
Code = 'ADMIN'
|
||||
AND Type = " . Permission::GRANT_PERMISSION . "
|
||||
AND GroupID IN ($groupCSV)
|
||||
)
|
||||
")->value();
|
||||
|
||||
if($permission) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
// This basically does the same as
|
||||
// Security::permissionFailure(null, "You need to login with developer access to make use of debugging tools.");
|
||||
// We have to do this because of how early this method is called in execution.
|
||||
$_SESSION['Security']['Message']['message'] = "You need to login with developer access to make use of debugging tools.";
|
||||
$_SESSION['Security']['Message']['type'] = 'warning';
|
||||
$_SESSION['BackURL'] = $_SERVER['REQUEST_URI'];
|
||||
header("HTTP/1.1 302 Found");
|
||||
header("Location: " . Director::baseURL() . "Security/login");
|
||||
die();
|
||||
}
|
||||
}
|
||||
|
||||
function errorHandler($errno, $errstr, $errfile, $errline, $errcontext) {
|
||||
switch($errno) {
|
||||
case E_ERROR:
|
||||
@ -288,4 +334,4 @@ function errorHandler($errno, $errstr, $errfile, $errline, $errcontext) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
?>
|
||||
?>
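Review bot: A logged-in member who belongs to no groups leaves `$groupCSV` empty in require_developer_login(), so the Permission query is sent with `GroupID IN ()`; that is likely to surface as a database error this early in execution instead of the intended redirect to the login form. The same block concatenates `$_SESSION['loggedInAs']` and the group IDs into raw SQL without an integer cast. Session data is server-side, but because this path deliberately bypasses the ORM, a cast keeps both queries well-formed if the stored value is ever not a plain ID. The `implode()` call also uses the legacy argument order (array first), which later PHP versions reject. The sketch below covers only the lookup inside the `isset($_SESSION['loggedInAs'])` branch.
```php
$memberID = (int) $_SESSION['loggedInAs'];
$groups = DB::query("SELECT GroupID from Group_Members WHERE MemberID=" . $memberID);
$groupIDs = array_map('intval', $groups->column());

// A member with no groups cannot hold ADMIN; skip the query rather than send "IN ()".
$permission = false;
if($groupIDs) {
	$groupCSV = implode(',', $groupIDs);
	// … unchanged: Permission query using $groupCSV, ending in ->value() …
}
// … unchanged: return when $permission is truthy …
```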
|
||||
|
@ -267,6 +267,7 @@ class Object {
|
||||
}
|
||||
|
||||
if(isset($_REQUEST['debugmethods']) && isset(Object::$builtInMethods[$this->class])) {
|
||||
Debug::require_developer_login();
|
||||
echo "<h2>Methods defined for $this->class</h2>";
|
||||
foreach(Object::$builtInMethods[$this->class] as $name => $info) {
|
||||
echo "<li>$name";
|
||||
@ -424,4 +425,4 @@ class Object {
|
||||
* // ENFORCE STRONG_CREATE
|
||||
*/
|
||||
Object::useCustomClass('Datetime','SSDatetime',true);
|
||||
?>
|
||||
?>
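Review bot: The switch guarded by the added `Debug::require_developer_login();` call is read from `$_REQUEST`, which, depending on PHP's `request_order`/`variables_order` settings, can also be populated from the POST body or a cookie. A debug toggle is easier to reason about and audit when it is read from the query string only, e.g. `if(isset($_GET['debugmethods']) && isset(Object::$builtInMethods[$this->class])) {`. The call can also end the request with a redirect and `die()` from inside object setup, which is worth a comment at the call site such as `// Ends the request with a redirect to Security/login unless in dev mode or logged in as ADMIN.` The enclosing method starts and ends outside this hunk.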
|
||||
|