diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2014-09-11 14:14:02 +0200 |
|---|---|---|
| committer | Morris Jobke <hey@morrisjobke.de> | 2014-09-17 13:17:52 +0200 |
| commit | 6d3757f8648cb94b2ba04c6a5bfbc9dd1493103b (patch) | |
| tree | 0cef084c3140b52a4ced70acc6ede3eb52cf33ab /lib/private/template.php | |
| parent | 45b17207ccf03703d4d6c3925f5405f52579aee5 (diff) | |
| download | nextcloud-server-6d3757f8648cb94b2ba04c6a5bfbc9dd1493103b.tar.gz nextcloud-server-6d3757f8648cb94b2ba04c6a5bfbc9dd1493103b.zip | |
Do not show exception to the end-user
Log the error instead of potentially leaking sensitive information
Diffstat (limited to 'lib/private/template.php')
| -rw-r--r-- | lib/private/template.php | 37 |
1 files changed, 12 insertions, 25 deletions
diff --git a/lib/private/template.php b/lib/private/template.php index d95943a714c..fce26117ede 100644 --- a/lib/private/template.php +++ b/lib/private/template.php @@ -250,8 +250,7 @@ class OC_Template extends \OC\Template\Base { /** * Print a fatal error page and terminates the script * @param string $error_msg The error message to show - * @param string $hint An optional hint message - * Warning: All data passed to $hint needs to get sanitized using OC_Util::sanitizeHTML + * @param string $hint An optional hint message - needs to be properly escaped */ public static function printErrorPage( $error_msg, $hint = '' ) { $content = new \OC_Template( '', 'error', 'error', false ); @@ -266,28 +265,16 @@ class OC_Template extends \OC\Template\Base { * @param Exception $exception */ public static function printExceptionErrorPage(Exception $exception) { - $error_msg = $exception->getMessage(); - if ($exception->getCode()) { - $error_msg = '['.$exception->getCode().'] '.$error_msg; - } - if (defined('DEBUG') and DEBUG) { - $hint = $exception->getTraceAsString(); - if (!empty($hint)) { - $hint = '<pre>'.OC_Util::sanitizeHTML($hint).'</pre>'; - } - while (method_exists($exception, 'previous') && $exception = $exception->previous()) { - $error_msg .= '<br/>Caused by:' . ' '; - if ($exception->getCode()) { - $error_msg .= '['.OC_Util::sanitizeHTML($exception->getCode()).'] '; - } - $error_msg .= OC_Util::sanitizeHTML($exception->getMessage()); - }; - } else { - $hint = ''; - if ($exception instanceof \OC\HintException) { - $hint = OC_Util::sanitizeHTML($exception->getHint()); - } - } - self::printErrorPage($error_msg, $hint); + $content = new \OC_Template('', 'exception', 'error', false); + $content->assign('errorMsg', $exception->getMessage()); + $content->assign('errorCode', $exception->getCode()); + $content->assign('file', $exception->getFile()); + $content->assign('line', $exception->getLine()); + $content->assign('trace', $exception->getTraceAsString()); + $content->assign('debugMode', defined('DEBUG') && DEBUG === true); + $content->assign('remoteAddr', OC_Request::getRemoteAddress()); + $content->assign('requestID', OC_Request::getRequestID()); + $content->printPage(); + die(); } } |