patch container debug lookup

Change debug lookup in URL to lookup in request.mode This is more consistent as it can be set from the session and it is also checked against against the currently logged in user. A blind URL lookup overrides security settings and potential information from the cfdump can assist attackers
farcrycore · Jan 20, 2016 · c97afaa · c97afaa
1 parent 542af6a
commit c97afaa
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/packages/rules/container.cfc b/packages/rules/container.cfc
@@ -562,7 +562,7 @@ $Developer: Geoff Bowers ([email protected]) $
 					<!--- <cfset oError.logData(oError.normalizeError(cfcatch)) /> --->
 
 					<!--- show error if debugging --->
-					<cfif isdefined("url.debug") and url.debug EQ 1>
+					<cfif isdefined("request.mode.debug") and request.mode.debug EQ 1>
 						<cfset request.cfdumpinited = false>
 
 						<skin:bubble title="Error with rule '#application.stcoapi[rule].displayName#'" bAutoHide="false" tags="rule,error">
@@ -669,4 +669,4 @@ $Developer: Geoff Bowers ([email protected]) $
 	</cffunction>
 
 
-</cfcomponent>
+</cfcomponent>