* Interchange has long been distributing the dump page. This is

somewhat insecure; it should be gated with a password. This is a change to pages/dump.html in the standard template. Makes the password be __SQLPASS__ or __ORDERS_TO__. * Allow option to sort the keys of output in ::full_dump. Turn on that option by default in the standard dump page.
interchange · Mar 23, 2014 · a7d81f9 · a7d81f9
1 parent 4816a70
commit a7d81f9
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 2 deletions.
diff --git a/dist/standard/pages/dump.html b/dist/standard/pages/dump.html
@@ -1 +1,19 @@
-<xmp>[dump key="[cgi key]"]</xmp>
+[calc]
+    $Tag->tmp('tmp_gate_dump');
+    $pass = $Variable->{SQLPASS} || $Variable->{ORDERS_TO} || $Config->{MailOrderTo} || 'bogus';
+    if($CGI->{password} eq $pass) {
+        $Scratch->{tmp_gate_dump} = 1;
+    } 
+    $CGI->{sort} = 1 unless defined $CGI->{sort};
+    return;
+[/calc]
+[if scratch tmp_gate_dump]
+<xmp>[dump key="[cgi key]" sort="[cgi sort]"]</xmp>
+[else]
+    You must provide the password. It is usually the SQL server password, or the email address where orders go.
+    <form action="[process href=@@MV_PAGE@@ secure=1]" METHOD=post>
+    Password: <input type="text" name=password value="">
+    <input type="submit" value="Dump">
+    </form>
+[/else]
+[/if]
diff --git a/lib/Vend/Error.pm b/lib/Vend/Error.pm
@@ -129,7 +129,8 @@ sub full_dump {
 	}
 
 	$out = minidump();
-	local($Data::Dumper::Indent) = 2;
+	local($Data::Dumper::Indent) = $opt->{indent} || 2;
+	local($Data::Dumper::Sortkeys) = $opt->{sort};
 	unless ($opt->{no_env}) {
 		$out .= "###### ENVIRONMENT     #####\n";
 		if(my $h = ::http()) {