1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-12-22 13:45:02 +00:00

Add secret GET param to debug action

This commit is contained in:
Starbeamrainbowlabs 2019-09-11 20:21:21 +01:00
parent 8d67a8290c
commit 2198755af8
Signed by: sbrl
GPG key ID: 1BE5172E637709C2
3 changed files with 10 additions and 6 deletions

View file

@ -35,7 +35,10 @@ if(!file_exists($settingsFilename)) {
$settings->$key = $value->default;
// Generate a random secret
$settings->secret = bin2hex(random_bytes(16));
file_put_contents("peppermint.json", json_encode($settings, JSON_PRETTY_PRINT));
if(file_put_contents("peppermint.json", json_encode($settings, JSON_PRETTY_PRINT)) === false) {
http_response_code(503);
exit("Oops! It looks like $settings->sitename wasn't able to write peppermint.json to disk.\nThis file contains all of $settings->sitename's settings, so it's really important!\nHave you checked that PHP has write access to the directory that index.php is located in (and all it's contents and subdirectories)? Try\n\nsudo chown USERNAME:USERNAME -R path/to/directory\n\nand\n\nsudo chmod -R 0644 path/to/directory;\nsudo chmod -R +X path/too/directory\n\n....where USERNAME is the username that the PHP process is running under.");
}
}
else
$settings = json_decode(file_get_contents("peppermint.json"));

View file

@ -202,10 +202,10 @@
{
"id": "page-debug-info",
"name": "Debug Information",
"version": "0.1.1",
"version": "0.2",
"author": "Starbeamrainbowlabs",
"description": "Adds a debug action for administrator use only that collects a load of useful information to make reporting bugs easier.",
"lastupdate": 1524415876,
"lastupdate": 1568229660,
"optional": false,
"extra_data": []
},

View file

@ -1,7 +1,7 @@
<?php
register_module([
"name" => "Debug Information",
"version" => "0.1.1",
"version" => "0.2",
"author" => "Starbeamrainbowlabs",
"description" => "Adds a debug action for administrator use only that collects a load of useful information to make reporting bugs easier.",
"id" => "page-debug-info",
@ -14,6 +14,8 @@ register_module([
* @apiPermission Moderator
*
* @apiUse UserNotModeratorError
*
* @apiParam {string} secret Optional. If you're not logged in as a moderator or better, then specifying the secret works as a substitute.
*/
/*
@ -27,8 +29,7 @@ register_module([
global $settings, $env, $paths, $version, $commit;
header("content-type: text/plain");
if(!$env->is_admin)
{
if(!$env->is_admin && (isset($_GET["secret"]) && $_GET["secret"] !== $settings->secret)) {
exit("You must be logged in as an moderator in order to generate debugging information.");
}