From ac0781dc7b4bb9c4a731ae13fbd35e2aadb8f686 Mon Sep 17 00:00:00 2001
From: michaeloffner <michaeloffner@users.noreply.github.com>
Date: Mon, 9 Sep 2024 15:10:50 +0200
Subject: [PATCH] disable debugging for Lucee admin

---
 core/src/main/cfml/context/admin/Application.cfc    |  2 +-
 core/src/main/cfml/context/admin/web.cfm            |  8 +++++---
 .../main/java/lucee/runtime/tag/Application.java    | 13 +++++++++++++
 core/src/main/java/resource/tld/core-base.tld       |  9 +++++++++
 loader/build.xml                                    |  2 +-
 loader/pom.xml                                      |  2 +-
 6 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/core/src/main/cfml/context/admin/Application.cfc b/core/src/main/cfml/context/admin/Application.cfc
index b57c84c052..18902d3cd2 100644
--- a/core/src/main/cfml/context/admin/Application.cfc
+++ b/core/src/main/cfml/context/admin/Application.cfc
@@ -57,7 +57,7 @@ public function onRequestStart() {
 		var fileName=listLast(cgi.script_name,"/");
 		if(fileName!="admin.cfm" && fileName!="web.cfm" && fileName!="server.cfm" && fileName!="index.cfm" && fileName!="restart.cfm") {
 			writeLog(text="Lucee Admin request to restricted file [#filename#] before login", type="error", log="application");
-			cfsetting(showdebugoutput:false);
+			cfsetting(show:false);
 			cfheader(statuscode="404" statustext="Invalid access");
 			cfcontent(reset="true");
 			abort;
diff --git a/core/src/main/cfml/context/admin/web.cfm b/core/src/main/cfml/context/admin/web.cfm
index 6eb8dc2764..b641cd4386 100755
--- a/core/src/main/cfml/context/admin/web.cfm
+++ b/core/src/main/cfml/context/admin/web.cfm
@@ -11,9 +11,8 @@
 	}
 	param name="request.disableFrame" default="false" type="boolean";
 	param name="request.setCFApplication" default="true" type="boolean";
-
 	if(request.setCFApplication) {
-		application name="webadmin#server.lucee.version#"
+		application action="update"
 		sessionmanagement="yes"
 		clientmanagement="no"
 		setclientcookies="yes"
@@ -24,8 +23,11 @@
 		sessiontimeout="#createTimeSpan(0,0,30,0)#"
 		applicationtimeout="#createTimeSpan(1,0,0,0)#"
 		localmode="update"
-		webcharset="utf-8";
+		webcharset="utf-8"
+		show="#false#";
+		cfsetting(show:false);
 	}
+
 </cfscript><cfsilent>
 
 <!--- todo: remember screenwidth, so images have the correct width etc. --->
diff --git a/core/src/main/java/lucee/runtime/tag/Application.java b/core/src/main/java/lucee/runtime/tag/Application.java
index 4e943a2de1..761c896657 100644
--- a/core/src/main/java/lucee/runtime/tag/Application.java
+++ b/core/src/main/java/lucee/runtime/tag/Application.java
@@ -171,6 +171,7 @@ public final class Application extends TagImpl implements DynamicAttributes {
 	private Boolean showDebug;
 	private Boolean showMetric;
 	private Boolean showTest;
+	private Boolean show;
 
 	private Boolean debuggingDatabase;
 	private Boolean debuggingException;
@@ -270,6 +271,7 @@ public void release() {
 		showDoc = null;
 		showMetric = null;
 		showTest = null;
+		show = null;
 
 		this.debuggingDatabase = null;
 		this.debuggingException = null;
@@ -735,6 +737,10 @@ public void setShowtest(boolean showTest) {
 		this.showTest = showTest;
 	}
 
+	public void setShow(boolean show) {
+		this.show = show;
+	}
+
 	public void setRegex(Object data) throws PageException {
 		if (Decision.isSimpleValue(data)) {
 			regex = RegexFactory.toRegex(RegexFactory.toType(Caster.toString(data)), null);
@@ -986,6 +992,13 @@ else if ((sct = Caster.toStruct(e.getValue(), null)) != null) {
 			if (searchQueries != null) appContextSup.setAllowImplicidQueryCall(searchQueries.booleanValue());
 			if (regex != null) appContextSup.setRegex(regex);
 
+			if (show != null) {
+				appContextSup.setShowDebug(show.booleanValue());
+				appContextSup.setShowDoc(show.booleanValue());
+				appContextSup.setShowMetric(show.booleanValue());
+				appContextSup.setShowTest(show.booleanValue());
+			}
+			// overrule previous with specific
 			if (showDebug != null) appContextSup.setShowDebug(showDebug.booleanValue());
 			if (showDoc != null) appContextSup.setShowDoc(showDoc.booleanValue());
 			if (showMetric != null) appContextSup.setShowMetric(showMetric.booleanValue());
diff --git a/core/src/main/java/resource/tld/core-base.tld b/core/src/main/java/resource/tld/core-base.tld
index a2ac36e163..c87bb98958 100755
--- a/core/src/main/java/resource/tld/core-base.tld
+++ b/core/src/main/java/resource/tld/core-base.tld
@@ -5722,6 +5722,15 @@ This attribute only takes effect when a custom debug template is defined in the
 		otherwise display at the end of the generated page.</description>
 			<introduced>6.1.0.155</introduced>
 		</attribute>
+		<attribute>
+			<type>boolean</type>
+			<name>show</name>
+			<required>false</required>
+			<status>hidden</status>
+			<rtexprvalue>true</rtexprvalue>
+			<description></description>
+			<introduced>6.1.1.81</introduced>
+		</attribute>
 		<attribute>
 			<type>number</type>
 			<name>requestTimeOut</name>
diff --git a/loader/build.xml b/loader/build.xml
index a61f865ec8..a306cd5bfe 100644
--- a/loader/build.xml
+++ b/loader/build.xml
@@ -2,7 +2,7 @@
 <project default="core" basedir="." name="Lucee" 
   xmlns:resolver="antlib:org.apache.maven.resolver.ant">
 
-  <property name="version" value="6.1.1.80-SNAPSHOT"/>
+  <property name="version" value="6.1.1.81-SNAPSHOT"/>
 
   <taskdef uri="antlib:org.apache.maven.resolver.ant" resource="org/apache/maven/resolver/ant/antlib.xml">
     <classpath>
diff --git a/loader/pom.xml b/loader/pom.xml
index be1a930f7b..0e81c651a6 100644
--- a/loader/pom.xml
+++ b/loader/pom.xml
@@ -3,7 +3,7 @@
 
   <groupId>org.lucee</groupId>
   <artifactId>lucee</artifactId>
-  <version>6.1.1.80-SNAPSHOT</version>
+  <version>6.1.1.81-SNAPSHOT</version>
   <packaging>jar</packaging>
 
   <name>Lucee Loader Build</name>