Skip to content

Commit

Permalink
Add permission check to debug link query (NamelessMC#2501)
Browse files Browse the repository at this point in the history 
Co-authored-by: Tadhg Boyle <tadhgsmboyle@gmail.com>
  • Loading branch information
@supercrafter100 @tadhgboyle
supercrafter100 and tadhgboyle authored Nov 22, 2021
1 parent 175b40c commit 855d84a
Show file tree
Hide file tree
Showing 3 changed files with 54 additions and 44 deletions.
1 change: 1 addition & 0 deletions error.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@
'ERROR_TYPE' => is_null($exception) ? $language->get('general', 'error') : (new ReflectionClass($exception))->getName(),
'ERROR_STRING' => $error_string,
'ERROR_FILE' => $error_file,
'CAN_GENERATE_DEBUG' => $user->hasPermission('admincp.core.debugging'),
'DEBUG_LINK' => $language->get('admin', 'debug_link'),
'DEBUG_LINK_URL' => URL::build('/queries/debug_link'),
'ERROR_SQL_STACK' => QueryRecorder::getInstance()->getSqlStack(),
Expand Down
91 changes: 47 additions & 44 deletions error.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,17 +38,18 @@
<h2><kbd>{$ERROR_STRING}</kbd></h2>
<h3>(File: {$ERROR_FILE})</h3>
<a href="{$CURRENT_URL}">{$CURRENT_URL}</a>

<button class="float-right btn btn-info d-flex align-items-center" id="debug_link">
<span class="spinner-border spinner-border-sm mr-2" role="status" id="debug_link_loading" style="display: none;"></span>
<span id="debug_link_text">{$DEBUG_LINK}</span>
<span id="debug_link_success" style="display: none;">
<i class="fa fa-check"></i>
</span>
<span id="debug_link_error" style="display: none;">
<i class="fa fa-times-circle"></i>
</span>
</button>
{if $CAN_GENERATE_DEBUG}
<button class="float-right btn btn-info d-flex align-items-center" id="debug_link">
<span class="spinner-border spinner-border-sm mr-2" role="status" id="debug_link_loading" style="display: none;"></span>
<span id="debug_link_text">{$DEBUG_LINK}</span>
<span id="debug_link_success" style="display: none;">
<i class="fa fa-check"></i>
</span>
<span id="debug_link_error" style="display: none;">
<i class="fa fa-times-circle"></i>
</span>
</button>
{/if}

{else}

Expand Down Expand Up @@ -282,39 +283,41 @@ function openSqlFrame(id) {
$('#sql-button-' + id).addClass('active');
}
let link_created = false;
$('#debug_link').click(() => {
$('#debug_link').blur();
if (link_created) {
return;
}
$('#debug_link').prop('disabled', true);
$('#debug_link_loading').show(100);
$.get('{$DEBUG_LINK_URL}')
.done((url) => {
link_created = true;
$('#debug_link_loading').hide(100);
$('#debug_link').removeClass('btn-info');
$('#debug_link_text').hide();
$('#debug_link').prop('disabled', false);
if (!url.startsWith('https://debug.namelessmc.com/')) {
$('#debug_link').addClass('btn-danger');
$('#debug_link_error').show();
console.log(url);
alert('Could not create debug link. Check console for information.');
} else {
navigator.clipboard.writeText(url);
$('#debug_link').addClass('btn-success');
$('#debug_link_success').show();
alert('Copied debug link to your clipboard.');
}
});
});
{if $CAN_GENERATE_DEBUG}
let link_created = false;
$('#debug_link').click(() => {
$('#debug_link').blur();
if (link_created) {
return;
}
$('#debug_link').prop('disabled', true);
$('#debug_link_loading').show(100);
$.get('{$DEBUG_LINK_URL}')
.done((url) => {
link_created = true;
$('#debug_link_loading').hide(100);
$('#debug_link').removeClass('btn-info');
$('#debug_link_text').hide();
$('#debug_link').prop('disabled', false);
if (!url.startsWith('https://debug.namelessmc.com/')) {
$('#debug_link').addClass('btn-danger');
$('#debug_link_error').show();
console.log(url);
alert('Could not create debug link. Check console for information.');
} else {
navigator.clipboard.writeText(url);
$('#debug_link').addClass('btn-success');
$('#debug_link_success').show();
alert('Copied debug link to your clipboard.');
}
});
});
{/if}
</script>
</html>
6 changes: 6 additions & 0 deletions modules/Core/queries/debug_link.php
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,11 @@
<?php

// Can user generate the debug link?
if(!$user->hasPermission('admincp.core.debugging')) {
require_once(ROOT_PATH . '/403.php');
die();
}

$namelessmc_modules = [];
$namelessmc_fe_templates = [];
$namelessmc_panel_templates = [];
Expand Down

0 comments on commit 855d84a

Please sign in to comment.