Added error report script, and changed simpleSAMLphp to use that script.

The 'errorreportaddress' configuration option is now removed, and the user
must set the 'technicalcontact_email' to enable error reporting.

This patch introduces two new strings which should be translated, both
in dict/errors.php:
'errorreport_header': Error report sent
'errorreport_text': The error report has been sent to the administrators.

A more descriptive message should probably be set as the text.


git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@605 44740490-163a-0410-bde0-09ae8108e29a

config-templates/config.php

@@ -39,7 +39,6 @@ $config = array (
 	 */
 	'debug'                 =>	false,
 	'showerrors'            =>	true,
-	'errorreportaddress'    =>  'http://rnd.feide.no/content/sending-information-simplesamlphp',
 
 	/**
 	 * This option allows you to enable validation of SAML 2.0 messages against their
@@ -68,6 +67,7 @@ $config = array (
 	
 	/*
 	 * Some information about the technical persons running this installation.
+	 * The email address will be used as the recipient address for error reports.
 	 */
 	'technicalcontact_name'     => 'Administrator',
 	'technicalcontact_email'    => 'na@example.org',

dictionaries/errors.php

@@ -167,6 +167,12 @@ $lang = array(
 		'hr' => 'Ova greška se vjerojatno javila zbog neočekivanog ponašanja ili neispravnog konfiguriranja simpleSAMLphp-a. Kontaktirajte administratora i pošaljite mu gore navedenu poruku o greški.',
 		'hu' => 'Ez a hiba valószínűleg a simpleSAMLphp nem várt működésével vagy félrekonfigurálásával kapcsolatos. Kérjük, keresse meg a bejelentkező szolgáltatás adminisztrátorát, és küldje el neki a fenti hibaüzenetet!',
 	),
+	'errorreport_header' => array (
+		'en' => 'Error report sent',
+	),
+	'errorreport_text' => array (
+		'en' => 'The error report has been sent to the administrators.',
+	),
 	'title_CACHEAUTHNREQUEST' => array (
 		'no' => 'Feil ved fellesinnlogging',
 		'nn' => 'Feil under Single Sign-On til webtenesta',

lib/SimpleSAML/Utilities.php

@@ -380,15 +380,25 @@ class SimpleSAML_Utilities {
 		$t->data['errorcode'] = $errorcode;
 		
 		$t->data['showerrors'] = $config->getValue('showerrors', true);
-		$t->data['errorreportaddress'] = $config->getValue('errorreportaddress', null); 
-		
+
+		/* Check if there is a valid technical contact email address. */
+		if($config->getValue('technicalcontact_email', 'na@example.org') !== 'na@example.org') {
+			/* Enable error reporting. */
+			$baseurl = SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL();
+			$t->data['errorreportaddress'] = $baseurl . 'errorreport.php';
+
+		} else {
+			/* Disable error reporting. */
+			$t->data['errorreportaddress'] = NULL;
+		}
+
 		$t->data['exceptionmsg'] = $emsg;
 		$t->data['exceptiontrace'] = $etrace;
 		
 		$t->data['trackid'] = $trackid;
 		
 		$t->data['version'] = $config->getValue('version', 'na');
-		$t->data['email'] = $config->getValue('technicalcontact_email', 'na');
+		$t->data['url'] = self::selfURLNoQuery();
 		
 		$t->show();
 		

templates/default/error.php

@@ -47,12 +47,14 @@ if (array_key_exists('showerrors', $this->data) && $this->data['showerrors']) {
 ?>
 
 <?php
-/* Print out exception only if the exception is available. */
+/* Add error report submit section if we have a valid technical contact. 'errorreportaddress' will only be set if
+ * the technical contact email address has been set.
+ */
 if (!empty($this->data['errorreportaddress'])) {
 ?>
 
 	<h2><?php echo $this->t('report_header'); ?></h2>
-	<form action="<?php echo $this->data['errorreportaddress']; ?>" method="post">
+	<form action="<?php echo htmlspecialchars($this->data['errorreportaddress']); ?>" method="post">
 	
 		<p><?php echo $this->t('report_text'); ?></p>
 			<p><?php echo $this->t('report_email'); ?> <input type="text" size="25" name="email" value="" />
@@ -60,13 +62,13 @@ if (!empty($this->data['errorreportaddress'])) {
 		<p>
 		<textarea style="width: 300px; height: 100px" name="text"><?php echo $this->t('report_explain'); ?></textarea>
 		</p><p>
-		<input type="hidden" name="action" value="error" />
-		<input type="hidden" name="techemail" value="<?php echo $this->data['email']; ?>" />
-		<input type="hidden" name="version" value="<?php echo $this->data['version']; ?>" />
-		<input type="hidden" name="trackid" value="<?php echo $this->data['trackid']; ?>" />
-		<input type="hidden" name="exceptionmsg" value="<?php echo urlencode(base64_encode($this->data['exceptionmsg'])); ?>" />
-		<input type="hidden" name="exceptiontrace" value="<?php echo urlencode(base64_encode($this->data['exceptiontrace'])); ?>" />
-		
+		<input type="hidden" name="version" value="<?php echo htmlspecialchars($this->data['version']); ?>" />
+		<input type="hidden" name="trackid" value="<?php echo htmlspecialchars($this->data['trackid']); ?>" />
+		<input type="hidden" name="exceptionmsg" value="<?php echo htmlspecialchars($this->data['exceptionmsg']); ?>" />
+		<input type="hidden" name="exceptiontrace" value="<?php echo htmlspecialchars($this->data['exceptiontrace']); ?>" />
+		<input type="hidden" name="errorcode" value="<?php echo htmlspecialchars($this->data['errorcode']); ?>" />
+		<input type="hidden" name="url" value="<?php echo htmlspecialchars($this->data['url']); ?>" />
+
 		<input type="submit" name="send" value="<?php echo $this->t('report_submit'); ?>" />
 		</p>
 	</form>

templates/default/errorreport.php

+<?php
+	$this->data['header'] = $this->t('errorreport_header');
+	$this->data['icon'] = 'bomb_l.png';
+	$this->includeAtTemplateBase('includes/header.php');
+?>
+<div id="content">
+<h2><? echo $this->t('errorreport_header'); ?></h2>
+<p><? echo $this->t('errorreport_text'); ?></p>
+<?php $this->includeAtTemplateBase('includes/footer.php'); ?>
\ No newline at end of file

www/errorreport.php

+<?php
+
+require_once('_include.php');
+require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Configuration.php');
+require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Logger.php');
+require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/XHTML/Template.php');
+require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Utilities.php');
+
+$config = SimpleSAML_Configuration::getInstance();
+
+/* This page will redirect to itself after processing a POST request and sending the email. */
+if($_SERVER['REQUEST_METHOD'] !== 'POST') {
+	/* The message has been sent. Show error report page. */
+
+	$t = new SimpleSAML_XHTML_Template($config, 'errorreport.php', 'errors.php');
+	$t->show();
+	exit;
+}
+
+
+/* Format of the email.
+ * POST fields will be added to the email in the order they appear here, and with the description
+ * from the value in the array.
+ */
+$mailFormat = array(
+	'email' => 'Email address of submitter',
+	'url' => 'URL of page where the error occured',
+	'errorcode' => 'Error code',
+	'text' => 'Message from user',
+	'trackid' => 'Track id for the user\' session',
+	'exceptionmsg' => 'Exception message',
+	'exceptiontrace' => 'Exception backtrace',
+	'version' => 'simpleSAMLphp version',
+	);
+
+/* POST fields we can safely ignore. */
+$ignoredFields = array(
+	'send',
+	);
+
+/* Generate a error ID, and add it to both the log and the error message. This should make it
+ * simple to find the error in the logs.
+ */
+$reportId = SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(4));
+SimpleSAML_Logger::error('Error report with  id ' . $reportId . ' generated.');
+
+/* Build the email message. */
+
+$message = '';
+
+/**
+ * Format and add a section to the email message.
+ *
+ * @param $title  The title of the section.
+ * @param $content  The content of the section.
+ */
+function addMessageSection($title, $content) {
+	global $message;
+
+	$message .= $title . "\n";
+	$message .= "===============================================================\n";
+
+	foreach(split("\n", $content) as $line) {
+		$message .= ' ' . $line . "\n";
+	}
+
+	$message .= "\n";
+}
+
+/* Add the default fields to the message. */
+foreach($mailFormat as $key => $desc) {
+	if(!array_key_exists($key, $_POST)) {
+		/* Not included in the POST message, skip. */
+		continue;
+	}
+
+	$data = $_POST[$key];
+
+	addMessageSection($desc, $data);
+}
+
+/* Add any unknown fields to the message. */
+foreach($_POST as $key => $data) {
+
+	/* Skip known fields. */
+	if(array_key_exists($key, $mailFormat)) {
+		continue;
+	}
+
+	/* Skip ignored fields. */
+	if(in_array($key, $ignoredFields, TRUE)) {
+		continue;
+	}
+
+	$title = 'Unknown field: ' . $key;
+	addMessageSection($title, $data);
+}
+
+
+/* Add footer to message. */
+$message .= 'Error report id: ' . $reportId . "\n";
+$message .= "You may search the logs for this id to find the location\n";
+$message .= "where this report was sent.\n";
+
+/* We want to use UTF-8 encoding of the email message. */
+$headers = 'MIME-Version: 1.0' . "\r\n";
+$headers .= 'Content-Type: text/plain; charset="UTF-8"' . "\r\n";
+
+/* Send the email. */
+$email = $config->getValue('technicalcontact_email', 'na@example.org');
+if($email !== 'na@example.org') {
+	/* This should always be TRUE, as the error report button should not appear unless
+	 * the email is set.
+	 */
+	mail($email, 'simpleSAMLphp error report', $message, $headers);
+}
+
+/* Redirect the user back to this page to clear the POST request. */
+SimpleSAML_Utilities::redirect(SimpleSAML_Utilities::selfURLNoQuery());
+
+?>
\ No newline at end of file