From 056bb3d0db6ffa8d9af582391cc753ddb8cef94a Mon Sep 17 00:00:00 2001 From: Jordan Dominion Date: Fri, 18 Apr 2025 03:55:03 -0400 Subject: [PATCH] [s] Disallow href_tokens from being able to be read (#90667) --- code/modules/admin/holder2.dm | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/code/modules/admin/holder2.dm b/code/modules/admin/holder2.dm index 020d03dbfc2..6be76b4df87 100644 --- a/code/modules/admin/holder2.dm +++ b/code/modules/admin/holder2.dm @@ -21,9 +21,10 @@ GLOBAL_PROTECT(href_token) var/spamcooldown = 0 - ///Randomly generated signature used for security records authorization name. + ///Randomly generated signature used for security records authorization name. Not code security critical var/admin_signature + /// Code security critcal token used for authorizing href topic calls var/href_token /// Link from the database pointing to the admin's feedback forum @@ -82,6 +83,11 @@ GLOBAL_PROTECT(href_token) QDEL_NULL(path_debug) return ..() +/datum/admins/can_vv_get(var_name) + if(var_name == NAMEOF(src, href_token)) + return FALSE + return ..() + /datum/admins/proc/activate() if(IsAdminAdvancedProcCall()) alert_to_permissions_elevation_attempt(usr)