[ss-2015-028] Block unauthenticated access to dev/build/defaults
Damian Mooyman committed Feb 23, 2016
1 parent f323025 commit 5d2fc0d
Showing 1 changed file with 3 additions and 2 deletions.
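--- a/dev/DevelopmentAdmin.php
+++ b/dev/DevelopmentAdmin.php
@@ -34,8 +34,9 @@ public function init() {
 parent::init();
 
 // Special case for dev/build: Defer permission checks to DatabaseAdmin->init() (see #4957)
-$requestedDevBuild = (stripos($this->request->getURL(), 'dev/build') === 0);
-
+$requestedDevBuild = (stripos($this->getRequest()->getURL(), 'dev/build') === 0)
+&& (stripos($this->getRequest()->getURL(), 'dev/build/defaults') === false);
+
 // We allow access to this controller regardless of live-status or ADMIN permission only
 // if on CLI. Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
 $canAccess = (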
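Review bot: The new `$requestedDevBuild` expression is still a denylist built on substring matching: the first test is a prefix match on `dev/build` and the second subtracts one action, so every other path under that prefix keeps skipping the permission check in this method and depends on DatabaseAdmin->init() to enforce it (that code is not visible here). An exact match would fail closed when further actions are added, for example `$requestedDevBuild = (strcasecmp(trim($this->getRequest()->getURL(), '/'), 'dev/build') === 0);`, with any other action that really must be deferred listed explicitly. The comment above the assignment still describes only the deferral; it should record the exception too, e.g. `// dev/build/defaults is excluded and must pass the permission check below (ss-2015-028)`. init() starts before and continues past this hunk, so how `$requestedDevBuild` feeds into `$canAccess` should be confirmed against the full method.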
