FIX Prevent DOS by checking for env and admin on ?flush=1 (#1692) in 2.4 #2246

Merged
merged 2 commits into from Jul 19, 2013

Projects

None yet

2 participants

Owner

Ensure that flush=1 only causes an actual flush if one of the following is true

  • You are in dev mode
  • You are logged in as an admin
  • An error occurred while attempted to start up the page

Fixes #1692. This is the version for 2.4. The version for 3.0 is at #2243

Owner

This should be ready to go now, but needs checking in PHP 5.2

@sminnee sminnee merged commit b774db4 into silverstripe:2.4 Jul 19, 2013

1 check failed

default Scrutinizer: 13 Comments, 0 Changed Files — Travis: Failed
Details
Owner
sminnee commented Jul 19, 2013

Doh, I merged this without noticing an issue. require_once(core/TempPath.php): doesn't exist in 2.4 and it's trying to include it.

Owner

Flush - there's two requests, and the first one creates TempPath.php

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment