Skip to content

Commit

Permalink
Merge pull request #52 from SilbinaryWolf/fix-basicauth
Browse files Browse the repository at this point in the history
fix(BasicAuth): Fix bug where you could bypass BasicAuth if a page was cached.
  • Loading branch information
Damian Mooyman authored Dec 8, 2016
2 parents 21a9656 + 5d47e41 commit 2068cc9
Showing 1 changed file with 17 additions and 0 deletions.
17 changes: 17 additions & 0 deletions code/DynamicCache.php
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,23 @@ protected function enabled($url)
return false;
}

// If user failed BasicAuth, disable cache and fallback to PHP code
$basicAuthConfig = Config::inst()->forClass('BasicAuth');
if($basicAuthConfig->entire_site_protected) {
$member = null;
try {
$member = BasicAuth::requireLogin($basicAuthConfig->entire_site_protected_message, $basicAuthConfig->entire_site_protected_code, false);
} catch (SS_HTTPResponse_Exception $e) {
// This codepath means Member auth failed
} catch (Exception $e) {
// This means an issue occurred elsewhere
throw $e;
}
if (!$member instanceof Member) {
return false;
}
}

// If displaying form errors then don't display cached result
foreach (Session::get_all() as $field => $data) {
// Check for session details in the form FormInfo.{$FormName}.errors/FormInfo.{$FormName}.formError
Expand Down

0 comments on commit 2068cc9

Please sign in to comment.