I recently discovered this unexpected error in my logs...
RuntimeException
ModelAdmin::init(): Invalid Model class lib
for the following url: /admin/events/lib/external/responsive_filemanager/filemanager/dialog.php
That's expected, "lib" is not a valid model class. But what's really odd, is that this is the case for anonymous users... meaning any bot can basically hammer your website and create tons of errors logs due to this.
The issue is that the auth check does not interrupt the init() process in subclasses (there is simply a return statement in the init parent class)
How to reproduce
Visit any /admin/security|modeladmin_segment/invalid_modal/xxx url on a ss website and get a server error
Always add a redirectedTo check in any ModelAdmin subclasses... (not great, because you have to think about it)
<?php
protected function init()
{
parent::init();
if ($this->redirectedTo()) {
return;
}
?>
Better long term solution:
Throw a RedirectException (this does not exist, but I think it really should be added to the core) in the init method to avoid any further processing instead of what's currently in place. This would make the whole thing much simpler and avoid issues for unsuspecting developers.
Additional Context
No response
Validations
[X] Check that there isn't already an issue that reports the same bug
[X] Double check that your reproduction steps work in a fresh installation of silverstripe/installer (with any code examples you've provided)
Module version(s) affected
5.x
Description
I recently discovered this unexpected error in my logs...
for the following url: /admin/events/lib/external/responsive_filemanager/filemanager/dialog.php
That's expected, "lib" is not a valid model class. But what's really odd, is that this is the case for anonymous users... meaning any bot can basically hammer your website and create tons of errors logs due to this.
The issue is that the auth check does not interrupt the init() process in subclasses (there is simply a return statement in the init parent class)
How to reproduce
Visit any /admin/security|modeladmin_segment/invalid_modal/xxx url on a ss website and get a server error
eg: https://some.domain.com/admin/security/lib/external/responsive_filemanager/filemanager/dialog.php
Possible Solution
Always add a redirectedTo check in any ModelAdmin subclasses... (not great, because you have to think about it)
Better long term solution:
Throw a RedirectException (this does not exist, but I think it really should be added to the core) in the init method to avoid any further processing instead of what's currently in place. This would make the whole thing much simpler and avoid issues for unsuspecting developers.
Additional Context
No response
Validations
silverstripe/installer
(with any code examples you've provided)