From 54fda55fd99ffccc29817d802ec2a7f9baef4202 Mon Sep 17 00:00:00 2001
From: Fabien Potencier
Date: Mon, 24 Sep 2018 08:25:08 +0200
Subject: [PATCH] made it clear that the profiler is for dev only
---
 src/Symfony/Bundle/WebProfilerBundle/README.md | 6 ++++++
 .../Bundle/WebProfilerBundle/WebProfilerBundle.php | 8 ++++++--
 .../HttpKernel/Profiler/ProfilerStorageInterface.php | 8 ++++++++
 3 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/src/Symfony/Bundle/WebProfilerBundle/README.md b/src/Symfony/Bundle/WebProfilerBundle/README.md
index 03780d5e5904e..48e6075636519 100644
--- a/src/Symfony/Bundle/WebProfilerBundle/README.md
+++ b/src/Symfony/Bundle/WebProfilerBundle/README.md
@@ -1,6 +1,12 @@
 WebProfilerBundle
 =================
+The Web profiler bundle is a **development tool** that gives detailed
+information about the execution of any request.
+
+**Never** enable it on production servers as it will lead to major security
+vulnerabilities in your project.
+
 Resources
 ---------
diff --git a/src/Symfony/Bundle/WebProfilerBundle/WebProfilerBundle.php b/src/Symfony/Bundle/WebProfilerBundle/WebProfilerBundle.php
index fecc0f365f237..897c3ffb7ff85 100644
--- a/src/Symfony/Bundle/WebProfilerBundle/WebProfilerBundle.php
+++ b/src/Symfony/Bundle/WebProfilerBundle/WebProfilerBundle.php
@@ -14,10 +14,14 @@
 use Symfony\Component\HttpKernel\Bundle\Bundle;
 /**
- * Bundle.
- *
 * @author Fabien Potencier
 */
 class WebProfilerBundle extends Bundle
 {
+ public function boot()
+ {
+ if ('prod' === $this->container->getParameter('kernel.environment')) {
+ @trigger_error('Using WebProfilerBundle in production is not supported and puts your project at risk, disable it.', E_USER_WARNING);
+ }
+ }
 }
diff --git a/src/Symfony/Component/HttpKernel/Profiler/ProfilerStorageInterface.php b/src/Symfony/Component/HttpKernel/Profiler/ProfilerStorageInterface.php
index 544fb1fef6ec6..b78bae847f5a8 100644
--- a/src/Symfony/Component/HttpKernel/Profiler/ProfilerStorageInterface.php
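Review bot: The warning added in `WebProfilerBundle::boot()` is raised through the `@` silence operator, so on a production host it is suppressed from PHP's normal error output and is only recorded if a registered error handler chooses to handle silenced errors; that handler is not visible in this patch, so the one signal meant to tell an operator that the profiler is exposed may never be seen. Consider raising it unsilenced, `trigger_error('Using WebProfilerBundle in production is not supported and puts your project at risk, disable it.', E_USER_WARNING);`, or writing it to the application log explicitly. The guard also compares `kernel.environment` with the literal `'prod'` only, so a publicly reachable deployment running under any other environment name gets no warning at all. Since the bundle stays fully active either way, a docblock on `boot()` along the lines of `Advisory only: this warns but does not disable the profiler or restrict access to it.` would keep readers from mistaking the check for a protection.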
+++ b/src/Symfony/Component/HttpKernel/Profiler/ProfilerStorageInterface.php
@@ -14,6 +14,14 @@
 /**
 * ProfilerStorageInterface.
 *
+ * This interface exists for historical reasons. The only supported
+ * implementation is FileProfilerStorage.
+ *
+ * As the profiler must only be used on non-production servers, the file storage
+ * is more than enough and no other implementations will ever be supported.
+ *
+ * @internal since 4.2
+ *
 * @author Fabien Potencier
 */
 interface ProfilerStorageInterface