Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SECURITY: mini profiler enabled incorrectly for admins 

We expect mini profiler only to show up on accounts that are flagged as
developer accounts.

Unfortunately there was a bypass on any controllers that mix in ApplicationHelper
This commit is contained in:
Sam Saffron 2019-10-09 12:49:22 +11:00
parent 49a4b0dd9c
commit 602215a273
1 changed files with 0 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/helpers/application_helper.rb
View File

@ -185,10 +185,6 @@ module ApplicationHelper
@guardian ||= Guardian.new(current_user) @guardian ||= Guardian.new(current_user)
end end
def mini_profiler_enabled?
defined?(Rack::MiniProfiler) && admin?
end
def admin? def admin?
current_user.try(:admin?) current_user.try(:admin?)
end end