[interchange] * Interchange has long been distributing the dump page. This is
Mike Heins
interchange-cvs at icdevgroup.org
Sun Mar 23 14:08:58 UTC 2014
commit a7d81f95bf62a2c6062fe06c6243f47ce42a254d
Author: Mike Heins <heins at icdevgroup.com>
Date: Sun Mar 23 10:06:39 2014 -0400
* Interchange has long been distributing the dump page. This is
somewhat insecure; it should be gated with a password. This is a
change to pages/dump.html in the standard template. Makes the
password be __SQLPASS__ or __ORDERS_TO__.
* Allow option to sort the keys of output in ::full_dump. Turn on that
option by default in the standard dump page.
dist/standard/pages/dump.html | 20 +++++++++++++++++++-
lib/Vend/Error.pm | 3 ++-
2 files changed, 21 insertions(+), 2 deletions(-)
---
diff --git a/dist/standard/pages/dump.html b/dist/standard/pages/dump.html
index 3fe9172..dd6b13d 100644
--- a/dist/standard/pages/dump.html
+++ b/dist/standard/pages/dump.html
@@ -1 +1,19 @@
-<xmp>[dump key="[cgi key]"]</xmp>
+[calc]
+ $Tag->tmp('tmp_gate_dump');
+ $pass = $Variable->{SQLPASS} || $Variable->{ORDERS_TO} || $Config->{MailOrderTo} || 'bogus';
+ if($CGI->{password} eq $pass) {
+ $Scratch->{tmp_gate_dump} = 1;
+ }
+ $CGI->{sort} = 1 unless defined $CGI->{sort};
+ return;
+[/calc]
+[if scratch tmp_gate_dump]
+<xmp>[dump key="[cgi key]" sort="[cgi sort]"]</xmp>
+[else]
+ You must provide the password. It is usually the SQL server password, or the email address where orders go.
+ <form action="[process href=@@MV_PAGE@@ secure=1]" METHOD=post>
+ Password: <input type="text" name=password value="">
+ <input type="submit" value="Dump">
+ </form>
+[/else]
+[/if]
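Review bot: The gate in the `[calc]` block fails open: when none of `SQLPASS`, `ORDERS_TO` or `MailOrderTo` is set, `$pass` becomes the fixed literal `'bogus'`, and the two order-address fallbacks are values that are typically not secret, so the dump output is protected by something guessable rather than by a credential. Drop the literal fallback and unlock only on a non-empty configured value, e.g. `if(length $pass and $CGI->{password} eq $pass) {`. A dedicated variable would be preferable to reusing the database password, which this form then carries as a request parameter. The field should be `type="password"` rather than `type="text"` so the value is not echoed on screen. The commit message names only `__SQLPASS__` and `__ORDERS_TO__`, so the `MailOrderTo` and literal fallbacks are also undocumented.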
diff --git a/lib/Vend/Error.pm b/lib/Vend/Error.pm
index 29b0541..1d560ad 100644
--- a/lib/Vend/Error.pm
+++ b/lib/Vend/Error.pm
@@ -129,7 +129,8 @@ sub full_dump {
}
$out = minidump();
- local($Data::Dumper::Indent) = 2;
+ local($Data::Dumper::Indent) = $opt->{indent} || 2;
+ local($Data::Dumper::Sortkeys) = $opt->{sort};
unless ($opt->{no_env}) {
$out .= "###### ENVIRONMENT #####\n";
if(my $h = ::http()) {
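Review bot: `$opt->{indent} || 2` cannot select Data::Dumper's indent level 0, because 0 is false and falls through to the default; `local($Data::Dumper::Indent) = defined $opt->{indent} ? $opt->{indent} : 2;` keeps the default while honouring an explicit 0. The two new options are copied straight into Data::Dumper globals, and on the standard dump page `sort` is filled from `[cgi sort]`, so a short comment stating the intended values would help: `# indent: Data::Dumper Indent level (default 2); sort: any true value sorts hash keys`. full_dump begins and continues outside this hunk, so how `$opt` is populated is not visible here.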