mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-12-22 13:45:02 +00:00
Add secret GET param to debug action
This commit is contained in:
parent
8d67a8290c
commit
2198755af8
3 changed files with 10 additions and 6 deletions
|
@ -35,7 +35,10 @@ if(!file_exists($settingsFilename)) {
|
|||
$settings->$key = $value->default;
|
||||
// Generate a random secret
|
||||
$settings->secret = bin2hex(random_bytes(16));
|
||||
file_put_contents("peppermint.json", json_encode($settings, JSON_PRETTY_PRINT));
|
||||
if(file_put_contents("peppermint.json", json_encode($settings, JSON_PRETTY_PRINT)) === false) {
|
||||
http_response_code(503);
|
||||
exit("Oops! It looks like $settings->sitename wasn't able to write peppermint.json to disk.\nThis file contains all of $settings->sitename's settings, so it's really important!\nHave you checked that PHP has write access to the directory that index.php is located in (and all it's contents and subdirectories)? Try\n\nsudo chown USERNAME:USERNAME -R path/to/directory\n\nand\n\nsudo chmod -R 0644 path/to/directory;\nsudo chmod -R +X path/too/directory\n\n....where USERNAME is the username that the PHP process is running under.");
|
||||
}
|
||||
}
|
||||
else
|
||||
$settings = json_decode(file_get_contents("peppermint.json"));
|
||||
|
|
|
@ -202,10 +202,10 @@
|
|||
{
|
||||
"id": "page-debug-info",
|
||||
"name": "Debug Information",
|
||||
"version": "0.1.1",
|
||||
"version": "0.2",
|
||||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds a debug action for administrator use only that collects a load of useful information to make reporting bugs easier.",
|
||||
"lastupdate": 1524415876,
|
||||
"lastupdate": 1568229660,
|
||||
"optional": false,
|
||||
"extra_data": []
|
||||
},
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
register_module([
|
||||
"name" => "Debug Information",
|
||||
"version" => "0.1.1",
|
||||
"version" => "0.2",
|
||||
"author" => "Starbeamrainbowlabs",
|
||||
"description" => "Adds a debug action for administrator use only that collects a load of useful information to make reporting bugs easier.",
|
||||
"id" => "page-debug-info",
|
||||
|
@ -14,6 +14,8 @@ register_module([
|
|||
* @apiPermission Moderator
|
||||
*
|
||||
* @apiUse UserNotModeratorError
|
||||
*
|
||||
* @apiParam {string} secret Optional. If you're not logged in as a moderator or better, then specifying the secret works as a substitute.
|
||||
*/
|
||||
|
||||
/*
|
||||
|
@ -27,8 +29,7 @@ register_module([
|
|||
global $settings, $env, $paths, $version, $commit;
|
||||
header("content-type: text/plain");
|
||||
|
||||
if(!$env->is_admin)
|
||||
{
|
||||
if(!$env->is_admin && (isset($_GET["secret"]) && $_GET["secret"] !== $settings->secret)) {
|
||||
exit("You must be logged in as an moderator in order to generate debugging information.");
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue