Don't print exception message in HTML

The exception message is potentially influenced by user input and could thus be confusing (e.g. somebody could try to open a file like "Please send a mail to support@foo.com", and then the message would include that string.

It is thus reasonable to not show the exception message by default. Also for the browser view I added an `exit()` at the end, as otherwise the XML exception would be attached.
This commit is contained in:
Lukas Reschke 2016-09-09 13:52:34 +02:00
parent b9100da2e8
commit 7350e13113
No known key found for this signature in database
GPG Key ID: B9F6980CF6E759B1
2 changed files with 3 additions and 5 deletions

View File

@ -31,7 +31,6 @@ use Sabre\DAV\Server;
use Sabre\DAV\ServerPlugin; use Sabre\DAV\ServerPlugin;
class BrowserErrorPagePlugin extends ServerPlugin { class BrowserErrorPagePlugin extends ServerPlugin {
/** @var Server */ /** @var Server */
private $server; private $server;
@ -88,8 +87,7 @@ class BrowserErrorPagePlugin extends ServerPlugin {
/** /**
* @codeCoverageIgnore * @codeCoverageIgnore
* @param \Exception $ex * @param \Exception $exception
* @param int $httpCode
* @return bool|string * @return bool|string
*/ */
public function generateBody(\Exception $exception) { public function generateBody(\Exception $exception) {
@ -109,10 +107,11 @@ class BrowserErrorPagePlugin extends ServerPlugin {
return $content->fetchPage(); return $content->fetchPage();
} }
/* /**
* @codeCoverageIgnore * @codeCoverageIgnore
*/ */
public function sendResponse() { public function sendResponse() {
$this->server->sapi->sendResponse($this->server->httpResponse); $this->server->sapi->sendResponse($this->server->httpResponse);
exit();
} }
} }

View File

@ -6,7 +6,6 @@ style('core', ['styles', 'header']);
?> ?>
<span class="error error-wide"> <span class="error error-wide">
<h2><strong><?php p($_['title']) ?></strong></h2> <h2><strong><?php p($_['title']) ?></strong></h2>
<p><?php p($_['message']) ?></p>
<br> <br>
<h2><strong><?php p($l->t('Technical details')) ?></strong></h2> <h2><strong><?php p($l->t('Technical details')) ?></strong></h2>