do not disclose information, show generic error on login page

Conflicts:
	core/templates/login.php
	lib/base.php

diff --git a/core/templates/login.php b/core/templates/login.php
index 0ef7882d4b057f8923325e764d205b1d6eeda873..b24c9cb07d0bc4d6c53cf5eaa5a01565f63aabdc 100644 (file)
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -24,6 +24,12 @@ script('core', [
                                <?php p($message); ?><br>
                        </div>
                <?php endforeach; ?>
+               <?php if (isset($_['internalexception']) && ($_['internalexception'])): ?>
+                       <div class="warning">
+                               <?php p($l->t('An internal error occured.')); ?><br>
+                               <small><?php p($l->t('Please try again or contact your administrator.')); ?></small>
+                       </div>
+               <?php endif; ?>
                <p id="message" class="hidden">
                        <img class="float-spinner" alt=""
                                src="<?php p(\OCP\Util::imagePath('core', 'loading-dark.gif'));?>">

diff --git a/lib/base.php b/lib/base.php
index 042419eff1d2c0f571f3fe30e3d6d4001273ae17..82282c7dabd4213e0a4f93affb1189734edb2c7d 100644 (file)
--- a/lib/base.php
+++ b/lib/base.php
@@ -957,6 +957,10 @@ class OC {
                        }
                } catch (\OC\User\LoginException $e) {
                        $messages[] = $e->getMessage();
+               } catch (\Exception $ex) {
+                       \OCP\Util::logException('handleLogin', $ex);
+                       // do not disclose information. show generic error
+                       $error[] = 'internalexception';
                }
 
                OC_Util::displayLoginPage(array_unique($error), $messages);