SECURITY: mini profiler enabled incorrectly for admins

We expect mini profiler only to show up on accounts that are flagged as developer accounts.

Unfortunately there was a bypass on any controllers that mix in ApplicationHelper.

diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index c45ade5..84d8e38 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -185,10 +185,6 @@ module ApplicationHelper
     @guardian ||= Guardian.new(current_user)
   end
 
-  def mini_profiler_enabled?
-    defined?(Rack::MiniProfiler) && admin?
-  end
-
   def admin?
     current_user.try(:admin?)
   end
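
Review bot: No regression test accompanies the removal of `mini_profiler_enabled?` from ApplicationHelper in this hunk, so nothing in the patch guards against the `admin?`-based check being reintroduced. Consider adding a spec asserting that an admin account without the developer flag does not get mini profiler on a controller that mixes in ApplicationHelper. The diff also does not show which definition of `mini_profiler_enabled?` callers resolve to once this one is gone; confirm that every includer still has one and that it checks the developer flag rather than `admin?`, otherwise those call sites will raise NoMethodError.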

GitHub sha: 602215a2