fixes LDEV-3119
michaeloffner committed Oct 26, 2020
1 parent b53f1a8 commit 6208ab7
Showing 3 changed files with 13 additions and 2 deletions.
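--- a/core/src/main/cfml/context/admin/Application.cfc
+++ b/core/src/main/cfml/context/admin/Application.cfc
@@ -32,6 +32,17 @@ this.sessionCookie.httpOnly = true; // prevent access to session cookies from ja
 this.sessionCookie.sameSite = "strict";
 this.tag.cookie.sameSite = "strict";
 
+public function onRequestStart() {
+// if not logged in, we only allow access to admin|web|server[.cfm]
+if(!structKeyExists(session, "passwordWeb") && !structKeyExists(session, "passwordServer")){
+var fileName=listLast(cgi.script_name,"/");
+if(fileName!="admin.cfm" && fileName!="web.cfm" && fileName!="server.cfm") {
+cfheader(statuscode="404" statustext="Invalid access");
+abort;
+}
+}
+}
+
 public function onApplicationStart(){
 if(structKeyExists(server.system.environment,"LUCEE_ADMIN_ENABLED") && server.system.environment.LUCEE_ADMIN_ENABLED EQ false){
 cfheader(statuscode="404" statustext="Invalid access");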
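Review bot: The pre-login gate in `onRequestStart` decides on `listLast(cgi.script_name,"/")` alone, so the allow-list pins a file name but not a directory: any template named admin.cfm, web.cfm or server.cfm in a subdirectory covered by this Application.cfc would also be served without a session. Comparing the full script path against the three expected entry points, or at least documenting that no such file may exist below the admin root, would make the invariant explicit. The logged-in branch only tests that `session.passwordWeb` or `session.passwordServer` exists; where those keys are written is outside this hunk, so it is worth confirming they are set only after a successful login. A regression test that requests a non-entry template without a session and expects the 404 would keep the gate from being loosened later.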
2 changes: 1 addition & 1 deletion loader/build.xml
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<project default="core" basedir="." name="Lucee" xmlns:artifact="antlib:org.apache.maven.artifact.ant">

<property name="version" value="5.3.8.88-SNAPSHOT"/>
<property name="version" value="5.3.8.89-SNAPSHOT"/>

<path id="maven-ant-tasks.classpath" path="../ant/lib/maven-ant-tasks-2.1.3.jar" />
<typedef resource="org/apache/maven/artifact/ant/antlib.xml"
2 changes: 1 addition & 1 deletion loader/pom.xml
@@ -3,7 +3,7 @@

<groupId>org.lucee</groupId>
<artifactId>lucee</artifactId>
<version>5.3.8.88-SNAPSHOT</version>
<version>5.3.8.89-SNAPSHOT</version>
<packaging>jar</packaging>

<name>Lucee Loader Build</name>
