From 2853ebc277f3d038e11f35a1be502d2e87470c39 Mon Sep 17 00:00:00 2001
From: Zac Spitzer
Date: Wed, 13 Mar 2024 10:30:28 +0100
Subject: [PATCH] LDEV-4854 use stricter application options for admin test search results
---
 core/src/main/cfml/context/admin/Application.cfc | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/core/src/main/cfml/context/admin/Application.cfc b/core/src/main/cfml/context/admin/Application.cfc
index 2e558c7abf..5fc3ab26cd 100644
--- a/core/src/main/cfml/context/admin/Application.cfc
+++ b/core/src/main/cfml/context/admin/Application.cfc
@@ -34,6 +34,9 @@ this.sessionCookie.path = getAppFolderPath(); // the admin is always in a folde
 this.tag.cookie.sameSite = "strict";
 this.tag.cookie.path = getAppFolderPath();
 this.tag.cookie.httpOnly = true; // prevent access to session cookies from javascript
+this.searchImplicitScopes = false;
+this.searchResults = false;
+this.security.limitEvaluation = true;
 this.xmlFeatures = {
 externalGeneralEntities: false,
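Review bot: The three added settings (`this.searchImplicitScopes`, `this.searchResults`, `this.security.limitEvaluation`) carry no comment, while the `httpOnly` line directly above explains its purpose; these are hardening switches for the admin application, so each should say what it closes off, otherwise a later maintainer may flip one back just to make an unscoped variable resolve. For example `this.searchImplicitScopes = false; // unscoped variables must not resolve from request-supplied scopes (url, form, cookie, cgi)` and `this.searchResults = false; // unscoped variables must not resolve from query result columns`. For `limitEvaluation`, a comment naming the dynamic-evaluation functions it restricts would help; the exact list should be confirmed against the Lucee documentation rather than guessed. The subject ends in "test search results", which suggests the `searchResults` change may be provisional; if so, a short note on that line saying it still needs confirming against the admin pages would record the state. The component body starts and ends outside the hunk.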