diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2016-09-09 13:52:34 +0200 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2016-09-09 13:52:34 +0200 |
| commit | f715b5ea2e1b75498e253181b4ed74847ba90a08 (patch) | |
| tree | 30bf2d376a8a5ab43c40f9c9fc0b4e2019f62b3d /apps/dav/templates | |
| parent | f5aafdc89789623e72f9a05ecc2629ed2894668b (diff) | |
| download | nextcloud-server-f715b5ea2e1b75498e253181b4ed74847ba90a08.tar.gz nextcloud-server-f715b5ea2e1b75498e253181b4ed74847ba90a08.zip | |
Don't print exception message in HTML
The exception message is potentially influenced by user input and could thus be confusing (e.g. somebody could try to open a file like "Please send a mail to support@foo.com", and then the message would include that string.
It is thus reasonable to not show the exception message by default. Also for the browser view I added an `exit()` at the end, as otherwise the XML exception would be attached.
Diffstat (limited to 'apps/dav/templates')
| -rw-r--r-- | apps/dav/templates/exception.php | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/apps/dav/templates/exception.php b/apps/dav/templates/exception.php index ff3d1f3d20d..c4abd205bfc 100644 --- a/apps/dav/templates/exception.php +++ b/apps/dav/templates/exception.php @@ -1,7 +1,5 @@ <?php /** - - * * @author Thomas Müller <thomas.mueller@tmit.eu> * * @license GNU AGPL version 3 or any later version @@ -21,10 +19,11 @@ * */ style('core', ['styles', 'header']); + +/** @param $_ array */ ?> <span class="error error-wide"> <h2><strong><?php p($_['title']) ?></strong></h2> - <p><?php p($_['message']) ?></p> <br> <h2><strong><?php p($l->t('Technical details')) ?></strong></h2> |