Application.cfc
<!---
* Copyright (c) 2014, the Railo Company Ltd. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
---><cfcomponent><cfscript>
// Application-level settings for this extension, copied from the Lucee admin.
// Everything below runs in the component body, before any handler function is called.
// NOTE(review): "analzyer" looks like a misspelling of "analyzer", but the string is the
// live application name, so it is documented here rather than changed.
this.name="lucee-performance-analzyer";
this.clientmanagement="no";
this.clientstorage="file";
// Engine-side script protection on all scopes. Treat it as defence in depth only;
// output still has to be encoded where it is rendered.
this.scriptprotect="all";
// Sessions are kept in memory and expire after 30 minutes (days, hours, minutes, seconds).
this.sessionmanagement="yes";
this.sessionStorage="memory";
this.sessiontimeout="#createTimeSpan(0,0,30,0)#";
this.setclientcookies="yes";
this.setdomaincookies="no";
// The application scope times out after one day.
this.applicationtimeout="#createTimeSpan(1,0,0,0)#";
this.localmode="update";
this.web.charset="utf-8";
// Session cookie hardening: not readable from script, not sent on cross-site requests,
// and scoped to the first path segment of the requested script.
// NOTE(review): no "secure" flag is set on the session cookie in this block; confirm it is
// enforced elsewhere (server or proxy level) if the page is ever served over plain HTTP.
this.sessionCookie.httpOnly = true; // prevent access to session cookies from javascript
this.sessionCookie.sameSite = "strict";
this.sessionCookie.path = "/#listFirst(cgi.script_name,"/")#";
// Default SameSite value for cookies written through the cookie tag.
this.tag.cookie.sameSite = "strict";
// XML parser hardening: no external general entities, secure processing on,
// and documents carrying a DOCTYPE declaration are refused (XXE mitigation).
this.xmlFeatures = {
externalGeneralEntities: false,
secure: true,
disallowDoctypeDecl: true
};
// Admin type defaults to "web" and becomes "server" when the engine reports single mode.
// onRequestStart uses this value to pick the session key that proves a login.
request.adminType = "web";
try {
request.singleMode = getConfigSettings().mode == "single";
if (request.singleMode)
request.adminType="server";
} catch (e){
// lucee 6.0 only
// Presumably getConfigSettings() (or its "mode" key) is missing on older engines - confirm.
// When the call fails, adminType stays "web" and request.singleMode is never set;
// the error itself is discarded.
}
//if(fileName!="admin.cfm" && fileName!="web.cfm" && fileName!="server.cfm" && fileName!="index.cfm") {
public function onRequestStart() {
	// Access gate, run by the engine before each request is processed.
	// A login only counts when the session holds the password key that belongs to the
	// current admin type ("password" & request.adminType). If that key is missing,
	// both password keys are dropped, so a login for the other admin type is not reused.
	var sessionKey = "password" & request.adminType;
	if ( !structKeyExists( session, sessionKey ) ) {
		structDelete( session, "passwordWeb" );
		structDelete( session, "passwordServer" );
	}

	var isLoggedIn = structKeyExists( session, "passwordWeb" ) || structKeyExists( session, "passwordServer" );
	if ( !isLoggedIn ) {
		// Without a login, the only reachable template is index.cfm in the directory
		// that holds this Application.cfc; every other script gets an empty 404.
		var requestedFile = listLast( cgi.script_name, "/" );
		var requestedDir = getDirectoryFromPath( expandPath( cgi.SCRIPT_NAME ) );
		var componentDir = getDirectoryFromPath( getCurrentTemplatePath() );
		if ( requestedDir neq componentDir || requestedFile != "index.cfm" ) {
			// No debug output and no buffered content, so the rejection leaks nothing.
			cfsetting(showdebugoutput:false);
			cfheader(statuscode="404" statustext="Invalid access");
			cfcontent(reset="true");
			abort;
		}
		// index.cfm is forced onto the login action, whatever the URL asked for.
		url.pluginAction = "login";
	}
}
public function onApplicationStart() {
	// Refuses to start with a 404 when the environment variable LUCEE_ADMIN_ENABLED
	// is present and compares equal to false. An absent variable, or a value that
	// does not compare equal to false, leaves the application enabled.
	// NOTE(review): this handler runs when the application starts, not on every request;
	// confirm that requests after the first are also refused while the admin is disabled.
	var env = server.system.environment;
	var adminDisabled = structKeyExists( env, "LUCEE_ADMIN_ENABLED" ) && env.LUCEE_ADMIN_ENABLED EQ false;
	if ( adminDisabled ) {
		cfheader(statuscode="404" statustext="Invalid access");
		abort;
	}
}
</cfscript></cfcomponent>