8000 feature #28572 Make it clear that the profiler is for dev only (fabpot) · symfony/symfony@3d2124e · GitHub
[go: up one dir, main page]
Skip to content

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 3d2124e

Browse files
fabpotfabpot
committed
feature #28572 Make it clear that the profiler is for dev only (fabpot)
This PR was merged into the 4.2-dev branch. Discussion ---------- Make it clear that the profiler is for dev only | Q | A | ------------- | --- | Branch? | master | Bug fix? | kinda yes | New feature? | yes | BC breaks? | no | Deprecations? | yes (permanent one) | Tests pass? | yes | Fixed tickets | n/a | License | MIT | Doc PR | symfony/symfony-docs#10386 Commits ------- 54fda55 made it clear that the profiler is for dev only
2 parents 5dadd95 + 54fda55 commit 3d2124e

File tree

3 files changed

+20
-2
lines changed

3 files changed

+20
-2
lines changed

src/Symfony/Bundle/WebProfilerBundle/README.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,12 @@
11
WebProfilerBundle
22
=================
33

4+
The Web profiler bundle is a **development tool** that gives detailed
5+
information about the execution of any request.
6+
7+
**Never** enable it on production servers as it will lead to major security
8+
vulnerabilities in your project.
9+
410
Resources
511
---------
612

src/Symfony/Bundle/WebProfilerBundle/WebProfilerBundle.php

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,10 +14,14 @@
1414
use Symfony\Component\HttpKernel\Bundle\Bundle;
1515

1616
/**
17-
* Bundle.
18-
*
1917
* @author Fabien Potencier <fabien@symfony.com>
2018
*/
2119
class WebProfilerBundle extends Bundle
2220
{
21+
public function boot()
22+
{
23+
if ('prod' === $this->container->getParameter('kernel.environment')) {
24+
@trigger_error('Using WebProfilerBundle in production is not supported and puts your project at risk, disable it.', E_USER_WARNING);
25+
}
26+
}
2327
}

src/Symfony/Component/HttpKernel/Profiler/ProfilerStorageInterface.php

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,14 @@
1414
/**
1515
* ProfilerStorageInterface.
1616
*
17+
* This interface exists for historical reasons. The only supported
18+
* implementation is FileProfilerStorage.
19+
*
20+
* As the profiler must only be used on non-production servers, the file storage
21+
* is more than enough and no other implementations will ever be supported.
22+
*
23+
* @internal since 4.2
24+
*
1725
* @author Fabien Potencier <fabien@symfony.com>
1826
*/
1927
interface ProfilerStorageInterface

0 commit comments

Comments
 (0)
0