Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Access rules for SystemInformationController and MemcacheServer #12316
How to test
Before this PR, you could see "changed files" block from "Configure > Advanced Parameters > Information" page (which is loaded through an AJAX call) and you could use the cache server actions (add a server, test a server, delete a server) from "Configure > Advanced Parameters > Performance" page (last block) without having the proper access rights. This PR secures these 2 items.
See screenshot below
Jan 29, 2019
@marionf I failed to reproduce
This might be a side-effect: whenever you try to do something on a Symfony page, the feedback messages (which includes "access denied", "successfull update", "could not find object 123" ...) are stored to be displayed until the next Symfony page to be shown.
As stated by this post:
So maybe what happened is that you visited a Symfony page, got a "success full update" message stored, and it popped right there.
This is a record to reproduce it: