From 73ec0d7d5715f9122060317ecb1eb11bc52ae1b0 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Thu, 5 Jun 2008 09:08:33 +0000
Subject: [PATCH] Added error report script, and changed simpleSAMLphp to use
that script.
The 'errorreportaddress' configuration option is now removed, and the user
must set the 'technicalcontact_email' to enable error reporting.
This patch introduces two new strings which should be translated, both
in dict/errors.php:
'errorreport_header': Error report sent
'errorreport_text': The error report has been sent to the administrators.
A more descriptive message should probably be set as the text.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@605 44740490-163a-0410-bde0-09ae8108e29a
---
config-templates/config.php | 2 +-
dictionaries/errors.php | 6 ++
lib/SimpleSAML/Utilities.php | 16 +++-
templates/default/error.php | 20 ++---
templates/default/errorreport.php | 9 +++
www/errorreport.php | 121 ++++++++++++++++++++++++++++++
6 files changed, 161 insertions(+), 13 deletions(-)
create mode 100644 templates/default/errorreport.php
create mode 100644 www/errorreport.php
diff --git a/config-templates/config.php b/config-templates/config.php
index 9323ddea4..d9fa2dde5 100644
--- a/config-templates/config.php
+++ b/config-templates/config.php
@@ -39,7 +39,6 @@ $config = array (
*/
'debug' => false,
'showerrors' => true,
- 'errorreportaddress' => 'http://rnd.feide.no/content/sending-information-simplesamlphp',
/**
* This option allows you to enable validation of SAML 2.0 messages against their
@@ -68,6 +67,7 @@ $config = array (
/*
* Some information about the technical persons running this installation.
+ * The email address will be used as the recipient address for error reports.
*/
'technicalcontact_name' => 'Administrator',
'technicalcontact_email' => 'na@example.org',
diff --git a/dictionaries/errors.php b/dictionaries/errors.php
index 2de32600c..b9e9437f2 100644
--- a/dictionaries/errors.php
+++ b/dictionaries/errors.php
@@ -167,6 +167,12 @@ $lang = array(
'hr' => 'Ova greška se vjerojatno javila zbog neočekivanog ponašanja ili neispravnog konfiguriranja simpleSAMLphp-a. Kontaktirajte administratora i pošaljite mu gore navedenu poruku o greški.',
'hu' => 'Ez a hiba valĂłszĂnűleg a simpleSAMLphp nem várt működĂ©sĂ©vel vagy fĂ©lrekonfigurálásával kapcsolatos. KĂ©rjĂĽk, keresse meg a bejelentkezĹ‘ szolgáltatás adminisztrátorát, Ă©s kĂĽldje el neki a fenti hibaĂĽzenetet!',
),
+ 'errorreport_header' => array (
+ 'en' => 'Error report sent',
+ ),
+ 'errorreport_text' => array (
+ 'en' => 'The error report has been sent to the administrators.',
+ ),
'title_CACHEAUTHNREQUEST' => array (
'no' => 'Feil ved fellesinnlogging',
'nn' => 'Feil under Single Sign-On til webtenesta',
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 57ed6ae89..3ee70d915 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -380,15 +380,25 @@ class SimpleSAML_Utilities {
$t->data['errorcode'] = $errorcode;
$t->data['showerrors'] = $config->getValue('showerrors', true);
- $t->data['errorreportaddress'] = $config->getValue('errorreportaddress', null);
-
+
+ /* Check if there is a valid technical contact email address. */
+ if($config->getValue('technicalcontact_email', 'na@example.org') !== 'na@example.org') {
+ /* Enable error reporting. */
+ $baseurl = SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL();
+ $t->data['errorreportaddress'] = $baseurl . 'errorreport.php';
+
+ } else {
+ /* Disable error reporting. */
+ $t->data['errorreportaddress'] = NULL;
+ }
+
$t->data['exceptionmsg'] = $emsg;
$t->data['exceptiontrace'] = $etrace;
$t->data['trackid'] = $trackid;
$t->data['version'] = $config->getValue('version', 'na');
- $t->data['email'] = $config->getValue('technicalcontact_email', 'na');
+ $t->data['url'] = self::selfURLNoQuery();
$t->show();
diff --git a/templates/default/error.php b/templates/default/error.php
index d9691a48c..83ad3cc3f 100644
--- a/templates/default/error.php
+++ b/templates/default/error.php
@@ -47,12 +47,14 @@ if (array_key_exists('showerrors', $this->data) && $this->data['showerrors']) {
?>
<?php
-/* Print out exception only if the exception is available. */
+/* Add error report submit section if we have a valid technical contact. 'errorreportaddress' will only be set if
+ * the technical contact email address has been set.
+ */
if (!empty($this->data['errorreportaddress'])) {
?>
<h2><?php echo $this->t('report_header'); ?></h2>
- <form action="<?php echo $this->data['errorreportaddress']; ?>" method="post">
+ <form action="<?php echo htmlspecialchars($this->data['errorreportaddress']); ?>" method="post">
<p><?php echo $this->t('report_text'); ?></p>
<p><?php echo $this->t('report_email'); ?> <input type="text" size="25" name="email" value="" />
@@ -60,13 +62,13 @@ if (!empty($this->data['errorreportaddress'])) {
<p>
<textarea style="width: 300px; height: 100px" name="text"><?php echo $this->t('report_explain'); ?></textarea>
</p><p>
- <input type="hidden" name="action" value="error" />
- <input type="hidden" name="techemail" value="<?php echo $this->data['email']; ?>" />
- <input type="hidden" name="version" value="<?php echo $this->data['version']; ?>" />
- <input type="hidden" name="trackid" value="<?php echo $this->data['trackid']; ?>" />
- <input type="hidden" name="exceptionmsg" value="<?php echo urlencode(base64_encode($this->data['exceptionmsg'])); ?>" />
- <input type="hidden" name="exceptiontrace" value="<?php echo urlencode(base64_encode($this->data['exceptiontrace'])); ?>" />
-
+ <input type="hidden" name="version" value="<?php echo htmlspecialchars($this->data['version']); ?>" />
+ <input type="hidden" name="trackid" value="<?php echo htmlspecialchars($this->data['trackid']); ?>" />
+ <input type="hidden" name="exceptionmsg" value="<?php echo htmlspecialchars($this->data['exceptionmsg']); ?>" />
+ <input type="hidden" name="exceptiontrace" value="<?php echo htmlspecialchars($this->data['exceptiontrace']); ?>" />
+ <input type="hidden" name="errorcode" value="<?php echo htmlspecialchars($this->data['errorcode']); ?>" />
+ <input type="hidden" name="url" value="<?php echo htmlspecialchars($this->data['url']); ?>" />
+
<input type="submit" name="send" value="<?php echo $this->t('report_submit'); ?>" />
</p>
</form>
diff --git a/templates/default/errorreport.php b/templates/default/errorreport.php
new file mode 100644
index 000000000..1929d6426
--- /dev/null
+++ b/templates/default/errorreport.php
@@ -0,0 +1,9 @@
+<?php
+ $this->data['header'] = $this->t('errorreport_header');
+ $this->data['icon'] = 'bomb_l.png';
+ $this->includeAtTemplateBase('includes/header.php');
+?>
+<div id="content">
+<h2><? echo $this->t('errorreport_header'); ?></h2>
+<p><? echo $this->t('errorreport_text'); ?></p>
+<?php $this->includeAtTemplateBase('includes/footer.php'); ?>
\ No newline at end of file
diff --git a/www/errorreport.php b/www/errorreport.php
new file mode 100644
index 000000000..f8ac581a0
--- /dev/null
+++ b/www/errorreport.php
@@ -0,0 +1,121 @@
+<?php
+
+require_once('_include.php');
+require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Configuration.php');
+require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Logger.php');
+require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/XHTML/Template.php');
+require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Utilities.php');
+
+$config = SimpleSAML_Configuration::getInstance();
+
+/* This page will redirect to itself after processing a POST request and sending the email. */
+if($_SERVER['REQUEST_METHOD'] !== 'POST') {
+ /* The message has been sent. Show error report page. */
+
+ $t = new SimpleSAML_XHTML_Template($config, 'errorreport.php', 'errors.php');
+ $t->show();
+ exit;
+}
+
+
+/* Format of the email.
+ * POST fields will be added to the email in the order they appear here, and with the description
+ * from the value in the array.
+ */
+$mailFormat = array(
+ 'email' => 'Email address of submitter',
+ 'url' => 'URL of page where the error occured',
+ 'errorcode' => 'Error code',
+ 'text' => 'Message from user',
+ 'trackid' => 'Track id for the user\' session',
+ 'exceptionmsg' => 'Exception message',
+ 'exceptiontrace' => 'Exception backtrace',
+ 'version' => 'simpleSAMLphp version',
+ );
+
+/* POST fields we can safely ignore. */
+$ignoredFields = array(
+ 'send',
+ );
+
+/* Generate a error ID, and add it to both the log and the error message. This should make it
+ * simple to find the error in the logs.
+ */
+$reportId = SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(4));
+SimpleSAML_Logger::error('Error report with id ' . $reportId . ' generated.');
+
+/* Build the email message. */
+
+$message = '';
+
+/**
+ * Format and add a section to the email message.
+ *
+ * @param $title The title of the section.
+ * @param $content The content of the section.
+ */
+function addMessageSection($title, $content) {
+ global $message;
+
+ $message .= $title . "\n";
+ $message .= "===============================================================\n";
+
+ foreach(split("\n", $content) as $line) {
+ $message .= ' ' . $line . "\n";
+ }
+
+ $message .= "\n";
+}
+
+/* Add the default fields to the message. */
+foreach($mailFormat as $key => $desc) {
+ if(!array_key_exists($key, $_POST)) {
+ /* Not included in the POST message, skip. */
+ continue;
+ }
+
+ $data = $_POST[$key];
+
+ addMessageSection($desc, $data);
+}
+
+/* Add any unknown fields to the message. */
+foreach($_POST as $key => $data) {
+
+ /* Skip known fields. */
+ if(array_key_exists($key, $mailFormat)) {
+ continue;
+ }
+
+ /* Skip ignored fields. */
+ if(in_array($key, $ignoredFields, TRUE)) {
+ continue;
+ }
+
+ $title = 'Unknown field: ' . $key;
+ addMessageSection($title, $data);
+}
+
+
+/* Add footer to message. */
+$message .= 'Error report id: ' . $reportId . "\n";
+$message .= "You may search the logs for this id to find the location\n";
+$message .= "where this report was sent.\n";
+
+/* We want to use UTF-8 encoding of the email message. */
+$headers = 'MIME-Version: 1.0' . "\r\n";
+$headers .= 'Content-Type: text/plain; charset="UTF-8"' . "\r\n";
+
+/* Send the email. */
+$email = $config->getValue('technicalcontact_email', 'na@example.org');
+if($email !== 'na@example.org') {
+ /* This should always be TRUE, as the error report button should not appear unless
+ * the email is set.
+ */
+ mail($email, 'simpleSAMLphp error report', $message, $headers);
+}
+
+/* Redirect the user back to this page to clear the POST request. */
+SimpleSAML_Utilities::redirect(SimpleSAML_Utilities::selfURLNoQuery());
+
+?>
\ No newline at end of file
--
GitLab