From f715b5ea2e1b75498e253181b4ed74847ba90a08 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Fri, 9 Sep 2016 13:52:34 +0200
Subject: [PATCH] Don't print exception message in HTML

The exception message is potentially influenced by user input and could thus be confusing (e.g. somebody could try to open a file like "Please send a mail to support@foo.com", and then the message would include that string. It is thus reasonable to not show the exception message by default. Also for the browser view I added an `exit()` at the end, as otherwise the XML exception would be attached.
---
 apps/dav/lib/Files/BrowserErrorPagePlugin.php | 7 +++----
 apps/dav/templates/exception.php | 5 ++---
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/apps/dav/lib/Files/BrowserErrorPagePlugin.php b/apps/dav/lib/Files/BrowserErrorPagePlugin.php
index 8c257b324b..b58ce4df87 100644
--- a/apps/dav/lib/Files/BrowserErrorPagePlugin.php
+++ b/apps/dav/lib/Files/BrowserErrorPagePlugin.php
@@ -31,7 +31,6 @@ use Sabre\DAV\Server; use Sabre\DAV\ServerPlugin; class BrowserErrorPagePlugin extends ServerPlugin { - /** @var Server */ private $server;
@@ -88,8 +87,7 @@ class BrowserErrorPagePlugin extends ServerPlugin {
 /**
 * @codeCoverageIgnore
- * @param \Exception $ex
- * @param int $httpCode
+ * @param \Exception $exception
 * @return bool|string
 */
 public function generateBody(\Exception $exception) {
@@ -109,10 +107,11 @@ class BrowserErrorPagePlugin extends ServerPlugin {
 return $content->fetchPage();
 }
- /*
+ /**
 * @codeCoverageIgnore
 */
 public function sendResponse() {
 $this->server->sapi->sendResponse($this->server->httpResponse);
+ exit();
 }
 }
diff --git a/apps/dav/templates/exception.php b/apps/dav/templates/exception.php
index ff3d1f3d20..c4abd205bf 100644
--- a/apps/dav/templates/exception.php
+++ b/apps/dav/templates/exception.php
@@ -1,7 +1,5 @@ * * @license GNU AGPL version 3 or any later version
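Review bot: The `exit();` added at the end of `sendResponse()` in BrowserErrorPagePlugin.php (third hunk) ends the whole request from inside a plugin method without a comment saying why; the reason is only in the commit message. I would put `// Stop here: otherwise Sabre appends its XML exception output to the HTML error page.` directly above it. A hard exit also skips whatever would normally run after this handler (later exception listeners, request logging, cleanup); none of that is visible in the hunk, so it is worth confirming that the exception has already been logged server-side before this point, since the browser no longer shows the message. The method is marked `@codeCoverageIgnore`, and with the exit it cannot be called from a unit test at all.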
@@ -21,10 +19,11 @@ * */ style('core', ['styles', 'header']);
+
+/** @param $_ array */
 ?>

-


t('Technical details')) ?>
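Review bot: The added docblock `/** @param $_ array */` in apps/dav/templates/exception.php uses `@param`, which documents function parameters; for a variable in template scope the tag should be `@var` with the type first, i.e. `/** @var array $_ */`, so IDEs and static analysers pick it up. The removed line's content is stripped on this page, but going by the commit title it printed the exception message. Whether `generateBody()` still assigns that value to the template is not visible in these hunks; if it does, dropping the assignment as well would keep the user-influenced text out of the template scope, so that an overriding theme or a later edit cannot print it again by accident.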