sbrl-github/Pepperminty-Wiki
sbrl-github
/
Pepperminty-Wiki
mirror of https://github.com/sbrl/Pepperminty-Wiki.git
1
0
Fork 0
Code

Add secret GET param to debug action

This commit is contained in:
Starbeamrainbowlabs 2019-09-11 20:21:21 +01:00
parent 8d67a8290c
commit 2198755af8
Signed by: sbrl
GPG Key ID: 1BE5172E637709C2
3 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
core/01-settings.fragment.php
View File

@ -35,7 +35,10 @@ if(!file_exists($settingsFilename)) {
$settings->$key = $value->default; $settings->$key = $value->default;
// Generate a random secret // Generate a random secret
$settings->secret = bin2hex(random_bytes(16)); $settings->secret = bin2hex(random_bytes(16));
file_put_contents("peppermint.json", json_encode($settings, JSON_PRETTY_PRINT)); if(file_put_contents("peppermint.json", json_encode($settings, JSON_PRETTY_PRINT)) === false) {
http_response_code(503);
exit("Oops! It looks like $settings->sitename wasn't able to write peppermint.json to disk.\nThis file contains all of $settings->sitename's settings, so it's really important!\nHave you checked that PHP has write access to the directory that index.php is located in (and all it's contents and subdirectories)? Try\n\nsudo chown USERNAME:USERNAME -R path/to/directory\n\nand\n\nsudo chmod -R 0644 path/to/directory;\nsudo chmod -R +X path/too/directory\n\n....where USERNAME is the username that the PHP process is running under.");
}
} }
else else
$settings = json_decode(file_get_contents("peppermint.json")); $settings = json_decode(file_get_contents("peppermint.json"));

4
module_index.json
View File

@ -202,10 +202,10 @@
{ {
"id": "page-debug-info", "id": "page-debug-info",
"name": "Debug Information", "name": "Debug Information",
"version": "0.1.1", "version": "0.2",
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds a debug action for administrator use only that collects a load of useful information to make reporting bugs easier.", "description": "Adds a debug action for administrator use only that collects a load of useful information to make reporting bugs easier.",
"lastupdate": 1524415876, "lastupdate": 1568229660,
"optional": false, "optional": false,
"extra_data": [] "extra_data": []
}, },

7
modules/page-debug-info.php
View File

@ -1,7 +1,7 @@
<?php <?php
register_module([ register_module([
"name" => "Debug Information", "name" => "Debug Information",
"version" => "0.1.1", "version" => "0.2",
"author" => "Starbeamrainbowlabs", "author" => "Starbeamrainbowlabs",
"description" => "Adds a debug action for administrator use only that collects a load of useful information to make reporting bugs easier.", "description" => "Adds a debug action for administrator use only that collects a load of useful information to make reporting bugs easier.",
"id" => "page-debug-info", "id" => "page-debug-info",
@ -14,6 +14,8 @@ register_module([
* @apiPermission Moderator * @apiPermission Moderator
* *
* @apiUse UserNotModeratorError * @apiUse UserNotModeratorError
*
* @apiParam {string} secret Optional. If you're not logged in as a moderator or better, then specifying the secret works as a substitute.
*/ */
/* /*
@ -27,8 +29,7 @@ register_module([
global $settings, $env, $paths, $version, $commit; global $settings, $env, $paths, $version, $commit;
header("content-type: text/plain"); header("content-type: text/plain");
if(!$env->is_admin) if(!$env->is_admin && (isset($_GET["secret"]) && $_GET["secret"] !== $settings->secret)) {
{
exit("You must be logged in as an moderator in order to generate debugging information."); exit("You must be logged in as an moderator in order to generate debugging information.");
} }