Merge pull request #9995 from nextcloud/bugfix/noid/error-page-with-500-http-code

Server error/hint pages with a 500 error code to avoid it being seen …

6 files changed, 26 insertions, 60 deletions

diff --git a/index.php b/index.php
index 1ce80b17880..b66281e6449 100644
--- a/index.php
+++ b/index.php
@@ -45,23 +45,19 @@ try {
 	\OC::$server->getLogger()->logException($ex, array('app' => 'index'));
 
 	//show the user a detailed error page
-	OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
-	OC_Template::printExceptionErrorPage($ex);
+	OC_Template::printExceptionErrorPage($ex, \OC_Response::STATUS_SERVICE_UNAVAILABLE);
 } catch (\OC\HintException $ex) {
-	OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
 	try {
-		OC_Template::printErrorPage($ex->getMessage(), $ex->getHint());
+		OC_Template::printErrorPage($ex->getMessage(), $ex->getHint(), OC_Response::STATUS_SERVICE_UNAVAILABLE);
 	} catch (Exception $ex2) {
 		\OC::$server->getLogger()->logException($ex, array('app' => 'index'));
 		\OC::$server->getLogger()->logException($ex2, array('app' => 'index'));
 
 		//show the user a detailed error page
-		OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR);
-		OC_Template::printExceptionErrorPage($ex);
+		OC_Template::printExceptionErrorPage($ex, \OC_Response::STATUS_INTERNAL_SERVER_ERROR);
 	}
 } catch (\OC\User\LoginException $ex) {
-	OC_Response::setStatus(OC_Response::STATUS_FORBIDDEN);
-	OC_Template::printErrorPage($ex->getMessage(), $ex->getMessage());
+	OC_Template::printErrorPage($ex->getMessage(), $ex->getMessage(), OC_Response::STATUS_FORBIDDEN);
 } catch (Exception $ex) {
 	\OC::$server->getLogger()->logException($ex, array('app' => 'index'));
 
@@ -92,6 +88,5 @@ try {
 
 		throw $e;
 	}
-	OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR);
-	OC_Template::printExceptionErrorPage($ex);
+	OC_Template::printExceptionErrorPage($ex, \OC_Response::STATUS_INTERNAL_SERVER_ERROR);
 }
diff --git a/lib/base.php b/lib/base.php
index c859972d39b..60a4c03bc41 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -260,7 +260,8 @@ class OC {
 					$l->t('This can usually be fixed by giving the webserver write access to the config directory. See %s',
 					[ $urlGenerator->linkToDocs('admin-dir_permissions') ]) . '. '
 					. $l->t('Or, if you prefer to keep config.php file read only, set the option "config_is_read_only" to true in it. See %s',
-					[ $urlGenerator->linkToDocs('admin-config') ] )
+					[ $urlGenerator->linkToDocs('admin-config') ] ),
+					\OC_Response::STATUS_SERVICE_UNAVAILABLE
 				);
 			}
 		}
@@ -433,8 +434,7 @@ class OC {
 		} catch (Exception $e) {
 			\OC::$server->getLogger()->logException($e, ['app' => 'base']);
 			//show the user a detailed error page
-			OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR);
-			OC_Template::printExceptionErrorPage($e);
+			OC_Template::printExceptionErrorPage($e, \OC_Response::STATUS_INTERNAL_SERVER_ERROR);
 			die();
 		}
 
@@ -750,11 +750,10 @@ class OC {
 		// Check whether the sample configuration has been copied
 		if($systemConfig->getValue('copied_sample_config', false)) {
 			$l = \OC::$server->getL10N('lib');
-			header('HTTP/1.1 503 Service Temporarily Unavailable');
-			header('Status: 503 Service Temporarily Unavailable');
 			OC_Template::printErrorPage(
 				$l->t('Sample configuration detected'),
-				$l->t('It has been detected that the sample configuration has been copied. This can break your installation and is unsupported. Please read the documentation before performing changes on config.php')
+				$l->t('It has been detected that the sample configuration has been copied. This can break your installation and is unsupported. Please read the documentation before performing changes on config.php'),
+				\OC_Response::STATUS_SERVICE_UNAVAILABLE
 			);
 			return;
 		}
diff --git a/lib/private/legacy/files.php b/lib/private/legacy/files.php
index 00cd5fbfe51..f4474197d86 100644
--- a/lib/private/legacy/files.php
+++ b/lib/private/legacy/files.php
@@ -198,18 +198,18 @@ class OC_Files {
 			OC::$server->getLogger()->logException($ex);
 			$l = \OC::$server->getL10N('core');
 			$hint = method_exists($ex, 'getHint') ? $ex->getHint() : '';
-			\OC_Template::printErrorPage($l->t('File is currently busy, please try again later'), $hint);
+			\OC_Template::printErrorPage($l->t('File is currently busy, please try again later'), $hint, 200);
 		} catch (\OCP\Files\ForbiddenException $ex) {
 			self::unlockAllTheFiles($dir, $files, $getType, $view, $filename);
 			OC::$server->getLogger()->logException($ex);
 			$l = \OC::$server->getL10N('core');
-			\OC_Template::printErrorPage($l->t('Can\'t read file'), $ex->getMessage());
+			\OC_Template::printErrorPage($l->t('Can\'t read file'), $ex->getMessage(), 200);
 		} catch (\Exception $ex) {
 			self::unlockAllTheFiles($dir, $files, $getType, $view, $filename);
 			OC::$server->getLogger()->logException($ex);
 			$l = \OC::$server->getL10N('core');
 			$hint = method_exists($ex, 'getHint') ? $ex->getHint() : '';
-			\OC_Template::printErrorPage($l->t('Can\'t read file'), $hint);
+			\OC_Template::printErrorPage($l->t('Can\'t read file'), $hint, 200);
 		}
 	}
 
diff --git a/lib/private/legacy/template.php b/lib/private/legacy/template.php
index 3cca8245af0..f84d6386deb 100644
--- a/lib/private/legacy/template.php
+++ b/lib/private/legacy/template.php
@@ -304,9 +304,10 @@ class OC_Template extends \OC\Template\Base {
 	 * Print a fatal error page and terminates the script
 	 * @param string $error_msg The error message to show
 	 * @param string $hint An optional hint message - needs to be properly escape
+	 * @param int $statusCode
 	 * @suppress PhanAccessMethodInternal
 	 */
-	public static function printErrorPage( $error_msg, $hint = '' ) {
+	public static function printErrorPage( $error_msg, $hint = '', $statusCode = 500) {
 		if (\OC::$server->getAppManager()->isEnabledForUser('theming') && !\OC_App::isAppLoaded('theming')) {
 			\OC_App::loadApp('theming');
 		}
@@ -317,6 +318,7 @@ class OC_Template extends \OC\Template\Base {
 			$hint = '';
 		}
 
+		http_response_code($statusCode);
 		try {
 			$content = new \OC_Template( '', 'error', 'error', false );
 			$errors = array(array('error' => $error_msg, 'hint' => $hint));
@@ -327,7 +329,6 @@ class OC_Template extends \OC\Template\Base {
 			$logger->error("$error_msg $hint", ['app' => 'core']);
 			$logger->logException($e, ['app' => 'core']);
 
-			header(self::getHttpProtocol() . ' 500 Internal Server Error');
 			header('Content-Type: text/plain; charset=utf-8');
 			print("$error_msg $hint");
 		}
@@ -337,11 +338,12 @@ class OC_Template extends \OC\Template\Base {
 	/**
 	 * print error page using Exception details
 	 * @param Exception|Throwable $exception
-	 * @param bool $fetchPage
+	 * @param int $statusCode
 	 * @return bool|string
 	 * @suppress PhanAccessMethodInternal
 	 */
-	public static function printExceptionErrorPage($exception, $fetchPage = false) {
+	public static function printExceptionErrorPage($exception, $statusCode = 503) {
+		http_response_code($statusCode);
 		try {
 			$request = \OC::$server->getRequest();
 			$content = new \OC_Template('', 'exception', 'error', false);
@@ -354,16 +356,12 @@ class OC_Template extends \OC\Template\Base {
 			$content->assign('debugMode', \OC::$server->getSystemConfig()->getValue('debug', false));
 			$content->assign('remoteAddr', $request->getRemoteAddress());
 			$content->assign('requestID', $request->getId());
-			if ($fetchPage) {
-				return $content->fetchPage();
-			}
 			$content->printPage();
 		} catch (\Exception $e) {
 			$logger = \OC::$server->getLogger();
 			$logger->logException($exception, ['app' => 'core']);
 			$logger->logException($e, ['app' => 'core']);
 
-			header(self::getHttpProtocol() . ' 500 Internal Server Error');
 			header('Content-Type: text/plain; charset=utf-8');
 			print("Internal Server Error\n\n");
 			print("The server encountered an internal error and was unable to complete your request.\n");
@@ -372,26 +370,4 @@ class OC_Template extends \OC\Template\Base {
 		}
 		die();
 	}
-
-	/**
-	 * This is only here to reduce the dependencies in case of an exception to
-	 * still be able to print a plain error message.
-	 *
-	 * Returns the used HTTP protocol.
-	 *
-	 * @return string HTTP protocol. HTTP/2, HTTP/1.1 or HTTP/1.0.
-	 * @internal Don't use this - use AppFramework\Http\Request->getHttpProtocol instead
-	 */
-	protected static function getHttpProtocol() {
-		$claimedProtocol = strtoupper($_SERVER['SERVER_PROTOCOL']);
-		$validProtocols = [
-			'HTTP/1.0',
-			'HTTP/1.1',
-			'HTTP/2',
-		];
-		if(in_array($claimedProtocol, $validProtocols, true)) {
-			return $claimedProtocol;
-		}
-		return 'HTTP/1.1';
-	}
 }
diff --git a/public.php b/public.php
index f8ef7a272b3..c81a6b5a960 100644
--- a/public.php
+++ b/public.php
@@ -36,8 +36,7 @@ try {
 	if (\OCP\Util::needUpgrade()) {
 		// since the behavior of apps or remotes are unpredictable during
 		// an upgrade, return a 503 directly
-		OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
-		OC_Template::printErrorPage('Service unavailable');
+		OC_Template::printErrorPage('Service unavailable', '', OC_Response::STATUS_SERVICE_UNAVAILABLE);
 		exit;
 	}
 
@@ -80,16 +79,15 @@ try {
 
 } catch (Exception $ex) {
 	if ($ex instanceof \OC\ServiceUnavailableException) {
-		OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
+		$status = OC_Response::STATUS_SERVICE_UNAVAILABLE;
 	} else {
-		OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR);
+		$status = OC_Response::STATUS_INTERNAL_SERVER_ERROR;
 	}
 	//show the user a detailed error page
 	\OC::$server->getLogger()->logException($ex, ['app' => 'public']);
-	OC_Template::printExceptionErrorPage($ex);
+	OC_Template::printExceptionErrorPage($ex, $status);
 } catch (Error $ex) {
 	//show the user a detailed error page
-	OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR);
 	\OC::$server->getLogger()->logException($ex, ['app' => 'public']);
-	OC_Template::printExceptionErrorPage($ex);
+	OC_Template::printExceptionErrorPage($ex, OC_Response::STATUS_INTERNAL_SERVER_ERROR);
 }
diff --git a/remote.php b/remote.php
index a14ff6ac308..d90bb2d8ee5 100644
--- a/remote.php
+++ b/remote.php
@@ -77,12 +77,10 @@ function handleException($e) {
 		}
 		if ($e instanceof RemoteException) {
 			// we shall not log on RemoteException
-			OC_Response::setStatus($e->getCode());
-			OC_Template::printErrorPage($e->getMessage());
+			OC_Template::printErrorPage($e->getMessage(), '', $e->getCode());
 		} else {
 			\OC::$server->getLogger()->logException($e, ['app' => 'remote']);
-			OC_Response::setStatus($statusCode);
-			OC_Template::printExceptionErrorPage($e);
+			OC_Template::printExceptionErrorPage($e, $statusCode);
 		}
 	}
 }