Page Menu
Home
In-Portal Phabricator
Search
Configure Global Search
Log In
Files
F1247284
D526.id1349.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Subscribers
None
File Metadata
Details
File Info
Storage
Attached
Created
Fri, Nov 21, 3:00 PM
Size
635 B
Mime Type
text/x-diff
Expires
Sat, Nov 22, 3:00 PM (9 h, 45 m)
Engine
blob
Format
Raw Data
Handle
810481
Attached To
D526: INP-1914 - Disable "pass_through" handling on the Front-End
D526.id1349.diff
View Options
Index: core/kernel/managers/url_manager.php
===================================================================
--- core/kernel/managers/url_manager.php
+++ core/kernel/managers/url_manager.php
@@ -281,7 +281,13 @@
// because pass through is not changed during script run, then we can cache it
if ( is_null($cached_pass_through) ) {
- $cached_pass_through = Array ();
+ $cached_pass_through = array();
+
+ // Disabled on the Front-End for security reasons.
+ if ( !$this->Application->isAdmin ) {
+ return array();
+ }
+
$pass_through = $this->Application->GetVar('pass_through');
if ( $pass_through ) {
Event Timeline
Log In to Comment