From afc8f282e0752152083233cb8c25f23ef239019a Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Fri, 23 Apr 2010 08:13:16 +0000
Subject: [PATCH] errorreport: Fix exception data in html source & clean up
 code.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2268 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Utilities.php | 73 +++++++++++++--------------
 templates/error.php          | 40 ++++-----------
 www/errorreport.php          | 96 ++++++++++++++----------------------
 3 files changed, 81 insertions(+), 128 deletions(-)

diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 18ff41bc4..c21b76a4a 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -542,7 +542,7 @@ class SimpleSAML_Utilities {
 	}
 
 
-	/** 
+	/**
 	 * Show and log fatal error message.
 	 *
 	 * This function logs a error message to the error log and shows the
@@ -551,19 +551,20 @@ class SimpleSAML_Utilities {
 	 * The error code comes from the errors-dictionary. It can optionally include parameters, which
 	 * will be substituted into the output string.
 	 *
-	 * @param string $trackid  The trackid of the user, from $session->getTrackID().
-	 * @param mixed $errorcode  Either a string with the error code, or an array with the error code and
+	 * @param string $trackId  The trackid of the user, from $session->getTrackID().
+	 * @param mixed $errorCode  Either a string with the error code, or an array with the error code and
 	 *                          additional parameters.
 	 * @param Exception $e  The exception which caused the error.
 	 */
-	public static function fatalError($trackid = 'na', $errorcode = null, Exception $e = null) {
-	
+	public static function fatalError($trackId = 'na', $errorCode = null, Exception $e = null) {
+
 		$config = SimpleSAML_Configuration::getInstance();
+		$session = SimpleSAML_Session::getInstance();
 
-		if(is_array($errorcode)) {
-			$parameters = $errorcode;
+		if (is_array($errorCode)) {
+			$parameters = $errorCode;
 			unset($parameters[0]);
-			$errorcode = $errorcode[0];
+			$errorCode = $errorCode[0];
 		} else {
 			$parameters = array();
 		}
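Review bot: `$session = SimpleSAML_Session::getInstance();` now runs at the top of fatalError(), before the `SimpleSAML_Logger::error()` calls that appear later in the function; the removed line in the last hunk shows it used to run after them. If loading the session can fail (not visible from here, but session storage is a plausible cause of the fatal error being reported), the original error would be neither logged nor shown. Consider moving the call down to just before `$session->setData('core:errorreport', ...)` so that logging cannot be pre-empted. The body of fatalError() continues outside this hunk.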
@@ -572,15 +573,15 @@ class SimpleSAML_Utilities {
 		$emsg   = (empty($e) ? 'No exception available' : $e->getMessage());
 		$etrace = (empty($e) ? 'No exception available' : self::formatBacktrace($e));
 
-		if(!empty($errorcode) && count($parameters) > 0) {
+		if (!empty($errorCode) && count($parameters) > 0) {
 			$reptext = array();
 			foreach($parameters as $k => $v) {
 				$reptext[] = '"' . $k . '"' . ' => "' . $v . '"';
 			}
 			$reptext = '(' . implode(', ', $reptext) . ')';
-			$error = $errorcode . $reptext;
-		} elseif(!empty($errorcode)) {
-			$error = $errorcode;
+			$error = $errorCode . $reptext;
+		} elseif(!empty($errorCode)) {
+			$error = $errorCode;
 		} else {
 			$error = 'na';
 		}
@@ -594,52 +595,46 @@ class SimpleSAML_Utilities {
 				SimpleSAML_Logger::error($line);
 			}
 		}
-		
-		$languagefile = null;
-		if (isset($errorcode)) $languagefile = 'errors';
-		
-		// Initialize a template
-		$t = new SimpleSAML_XHTML_Template($config, 'error.php', $languagefile);
-		
-		
-		$t->data['errorcode'] = $errorcode;
-		$t->data['parameters'] = $parameters;
 
+		$reportId = SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(4));
+		SimpleSAML_Logger::error('Error report with id ' . $reportId . ' generated.');
+
+		$errorData = array(
+			'exceptionMsg' => $emsg,
+			'exceptionTrace' => $etrace,
+			'reportId' => $reportId,
+			'trackId' => $trackId,
+			'url' => self::selfURLNoQuery(),
+			'version' => $config->getVersion(),
+		);
+		$session->setData('core:errorreport', $reportId, $errorData);
+
+		$t = new SimpleSAML_XHTML_Template($config, 'error.php', 'errors');
 		$t->data['showerrors'] = $config->getBoolean('showerrors', true);
+		$t->data['error'] = $errorData;
+		$t->data['errorCode'] = $errorCode;
+		$t->data['parameters'] = $parameters;
 
 		/* Check if there is a valid technical contact email address. */
 		if($config->getString('technicalcontact_email', 'na@example.org') !== 'na@example.org') {
 			/* Enable error reporting. */
 			$baseurl = SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL();
-			$t->data['errorreportaddress'] = $baseurl . 'errorreport.php';
-
-		} else {
-			/* Disable error reporting. */
-			$t->data['errorreportaddress'] = NULL;
+			$t->data['errorReportAddress'] = $baseurl . 'errorreport.php';
 		}
 
-		$session = SimpleSAML_Session::getInstance();
 		$attributes = $session->getAttributes();
-		if(is_array($attributes) && array_key_exists('mail', $attributes) && count($attributes['mail']) > 0) {
+		if (is_array($attributes) && array_key_exists('mail', $attributes) && count($attributes['mail']) > 0) {
 			$email = $attributes['mail'][0];
 		} else {
 			$email = '';
 		}
 		$t->data['email'] = $email;
 
-		$t->data['exceptionmsg'] = $emsg;
-		$t->data['exceptiontrace'] = $etrace;
-		
-		$t->data['trackid'] = $trackid;
-		
-		$t->data['version'] = $config->getVersion();
-		$t->data['url'] = self::selfURLNoQuery();
-		
 		$t->show();
-		
 		exit;
 	}
-	
+
+
 	/**
 	 * Check whether an IP address is part of an CIDR.
 	 */
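Review bot: The new `$errorData` / `$session->setData('core:errorreport', $reportId, $errorData)` block has no comment explaining why the exception data is kept server-side, and the comment that used to describe the report id in www/errorreport.php is dropped by this commit. I would add above `$reportId = ...` something like `/* Keep exception details in the session, keyed by a report id, so they are not embedded in the page and cannot be altered by the submitter. */`, which matches the intent stated in the commit subject. Note also that 'Error report with id ... generated.' is now logged on every fatal error, whether or not a report is ever submitted; wording such as 'Error report id ... assigned' would be less misleading when reading logs. fatalError() begins outside this hunk.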
diff --git a/templates/error.php b/templates/error.php
index 8c8b9cea5..fadbab0e0 100644
--- a/templates/error.php
+++ b/templates/error.php
@@ -9,41 +9,28 @@
 ?>
 
 
-	<h2><?php 
-		echo $this->t('title_' . $this->data['errorcode']); 
-	?></h2>
+	<h2><?php echo $this->t('title_' . $this->data['errorCode']); ?></h2>
 
 <?php
-$descr = $this->t('descr_' . $this->data['errorcode'], $this->data['parameters']);
-if($descr) {
-	echo htmlspecialchars($descr);
-}
+echo htmlspecialchars($this->t('descr_' . $this->data['errorCode'], $this->data['parameters']));
 ?>
 
-<?php
-/* Print out the track id if it exists. */
-if(array_key_exists('trackid', $this->data)) {
-?>
 	<div class="trackidtext">
 		<?php echo $this->t('report_trackid'); ?>
-		<span class="trackid"><?php echo $this->data['trackid']; ?></span>
+		<span class="trackid"><?php echo $this->data['error']['trackId']; ?></span>
 	</div>
-<?php
-}
-?>
 		
 
 <?php
 /* Print out exception only if the exception is available. */
-if (array_key_exists('showerrors', $this->data) && $this->data['showerrors']) {
+if ($this->data['showerrors']) {
 ?>
 		<h2><?php echo $this->t('debuginfo_header'); ?></h2>
 		<p><?php echo $this->t('debuginfo_text'); ?></p>
 		
 		<div style="border: 1px solid #eee; padding: 1em; font-size: x-small">
-			<p style="margin: 1px"><?php echo htmlentities($this->data['exceptionmsg']); ?></p>
-			<pre style=" padding: 1em; font-family: monospace; "><?php echo htmlentities($this->data['exceptiontrace']); ?>
-			</pre>
+			<p style="margin: 1px"><?php echo htmlspecialchars($this->data['error']['exceptionMsg']); ?></p>
+			<pre style=" padding: 1em; font-family: monospace; "><?php echo htmlspecialchars($this->data['error']['exceptionTrace']); ?></pre>
 		</div>
 <?php
 }
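Review bot: The track id is written into the page without escaping in `<span class="trackid"><?php echo $this->data['error']['trackId']; ?></span>`, while the exception message and trace in the same hunk are passed through htmlspecialchars(). The value is the `$trackId` argument of fatalError(), whose callers are not visible here, so it should not be assumed to be plain hex. Use `<?php echo htmlspecialchars($this->data['error']['trackId']); ?>` so every value in this template is escaped the same way.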
@@ -53,26 +40,19 @@ if (array_key_exists('showerrors', $this->data) && $this->data['showerrors']) {
 /* Add error report submit section if we have a valid technical contact. 'errorreportaddress' will only be set if
  * the technical contact email address has been set.
  */
-if (!empty($this->data['errorreportaddress'])) {
+if (isset($this->data['errorReportAddress'])) {
 ?>
 
 	<h2><?php echo $this->t('report_header'); ?></h2>
-	<form action="<?php echo htmlspecialchars($this->data['errorreportaddress']); ?>" method="post">
+	<form action="<?php echo htmlspecialchars($this->data['errorReportAddress']); ?>" method="post">
 	
 		<p><?php echo $this->t('report_text'); ?></p>
-			<p><?php echo $this->t('report_email'); ?> <input type="text" size="25" name="email" value="<?php echo($this->data['email']); ?>" />
+		<p><?php echo $this->t('report_email'); ?> <input type="text" size="25" name="email" value="<?php echo($this->data['email']); ?>" />
 	
 		<p>
 		<textarea style="width: 300px; height: 100px" name="text"><?php echo $this->t('report_explain'); ?></textarea>
 		</p><p>
-		<input type="hidden" name="version" value="<?php echo htmlspecialchars($this->data['version']); ?>" />
-		<input type="hidden" name="trackid" value="<?php echo htmlspecialchars($this->data['trackid']); ?>" />
-		<input type="hidden" name="exceptionmsg" value="<?php echo htmlspecialchars($this->data['exceptionmsg']); ?>" />
-		<input type="hidden" name="exceptiontrace" value="<?php echo htmlspecialchars($this->data['exceptiontrace']); ?>" />
-		<input type="hidden" name="errorcode" value="<?php echo htmlspecialchars($this->data['errorcode']); ?>" />
-		<input type="hidden" name="parameters" value="<?php echo htmlspecialchars(var_export($this->data['parameters'], TRUE)); ?>" />
-		<input type="hidden" name="url" value="<?php echo htmlspecialchars($this->data['url']); ?>" />
-
+		<input type="hidden" name="reportId" value="<?php echo $this->data['error']['reportId']; ?>" />
 		<input type="submit" name="send" value="<?php echo $this->t('report_submit'); ?>" />
 		</p>
 	</form>
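Review bot: The e-mail field is pre-filled with `value="<?php echo($this->data['email']); ?>"`, which writes the value into an HTML attribute without escaping. fatalError() takes it from the session's `mail` attribute, which is supplied by the authentication source rather than by this application, so a value containing a double quote or markup would break out of the attribute. Change it to `value="<?php echo htmlspecialchars($this->data['email']); ?>"`; doing the same for `$this->data['error']['reportId']` costs nothing and keeps the form consistent.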
diff --git a/www/errorreport.php b/www/errorreport.php
index 4d424e68d..addf56a3c 100644
--- a/www/errorreport.php
+++ b/www/errorreport.php
@@ -13,42 +13,26 @@ if($_SERVER['REQUEST_METHOD'] !== 'POST') {
 	exit;
 }
 
-
-/* Format of the email.
- * POST fields will be added to the email in the order they appear here, and with the description
- * from the value in the array.
- *
- * DEPRECATED. Included as reference of incoming parameters.
- */
-$mailFormat = array(
-	'email' => 'Email address of submitter',
-	'url' => 'URL of page where the error occured',
-	'errorcode' => 'Error code',
-	'parameters' => 'Parameters for the error',
-	'text' => 'Message from user',
-	'trackid' => 'Track id for the user\' session',
-	'exceptionmsg' => 'Exception message',
-	'exceptiontrace' => 'Exception backtrace',
-	'version' => 'simpleSAMLphp version',
-	);
-
-/* POST fields we can safely ignore. */
-$ignoredFields = array(
-	'send',
+$reportId = (string)$_REQUEST['reportId'];
+$email = (string)$_REQUEST['email'];
+$text = htmlspecialchars((string)$_REQUEST['text']);
+
+$session = SimpleSAML_Session::getInstance();
+$data = $session->getData('core:errorreport', $reportId);
+
+if ($data === NULL) {
+	$data = array(
+		'exceptionMsg' => 'not set',
+		'exceptionTrace' => 'not set',
+		'reportId' => $reportId,
+		'trackId' => $session->getTrackId(),
+		'url' => 'not set',
+		'version' => $config->getVersion(),
 	);
+}
 
-/* Generate a error ID, and add it to both the log and the error message. This should make it
- * simple to find the error in the logs.
- */
-$reportId = SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(4));
-SimpleSAML_Logger::error('Error report with  id ' . $reportId . ' generated.');
-
-
-function getPValue($key) {
-	if (array_key_exists($key, $_POST)) {
-		return strip_tags($_POST[$key]);
-	}
-	return 'not set';
+foreach ($data as $k => $v) {
+	$data[$k] = htmlspecialchars($v);
 }
 
 /* Build the email message. */
@@ -56,23 +40,23 @@ function getPValue($key) {
 $message = '<h1>SimpleSAMLphp Error Report</h1>
 
 <p>Message from user:</p>
-<div class="box" style="background: yellow; color: #888; border: 1px solid #999900; padding: .4em; margin: .5em">' . getPValue('text') . '</div>
+<div class="box" style="background: yellow; color: #888; border: 1px solid #999900; padding: .4em; margin: .5em">' . htmlspecialchars($text) . '</div>
 
-<p>Exception: <strong>' . getPValue('exceptionmsg') . '</strong></p>
-<pre>' . getPValue('exceptiontrace') . '</pre>
+<p>Exception: <strong>' . $data['exceptionMsg'] . '</strong></p>
+<pre>' . $data['exceptionTrace'] . '</pre>
 
 <p>URL:</p>
-<pre><a href="' . getPValue('url') . '">' . getPValue('url') . '</a></pre>
+<pre><a href="' . $data['url'] . '">' . $data['url'] . '</a></pre>
 
 <p>Directory:</p>
 <pre>' . dirname(dirname(__FILE__)) . '</pre>
 
 <p>Track ID:</p>
-<pre>' . getPValue('trackid') . '</pre>
+<pre>' . $data['trackId'] . '</pre>
 
-<p>Version: <tt>' . getPValue('version') . '</tt></p>
+<p>Version: <tt>' . $data['version'] . '</tt></p>
 
-<p>Report ID: <tt>' . $reportId . '</tt></p>
+<p>Report ID: <tt>' . $data['reportId'] . '</tt></p>
 
 <hr />
 <div class="footer">This message was sent using simpleSAMLphp. Visit <a href="http://rnd.feide.no/simplesamlphp">simpleSAMLphp homepage</a>.</div>
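Review bot: The user's message is HTML-escaped twice: the first hunk of this file assigns `$text = htmlspecialchars((string)$_REQUEST['text'])`, and this hunk wraps it again in `htmlspecialchars($text)`, so an `&` typed by the user arrives in the mail as `&amp;amp;`. Escape once, at the point of output: keep `htmlspecialchars($text)` here and change the assignment to `$text = (string)$_REQUEST['text'];`. The values taken from `$data` are escaped once by the `foreach` loop, so `$text` is the only doubled one.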
@@ -81,30 +65,24 @@ $message = '<h1>SimpleSAMLphp Error Report</h1>
 
 
 /* Add the email address of the submitter as the Reply-To address. */
-$replyto = NULL;
-$from = 'no-reply@simplesamlphp.org';
-if(array_key_exists('email', $_POST)) {
-	$email = $_POST['email'];
-	$email = trim($email);
-	/* Check that it looks like a valid email address. */
-	if(!preg_match('/\s/', $email) && strpos($email, '@') !== FALSE) {
-		$replyto = $email;
-		$from = $email;
-	}
+$email = trim($email);
+/* Check that it looks like a valid email address. */
+if (!preg_match('/\s/', $email) && strpos($email, '@') !== FALSE) {
+	$replyto = $email;
+	$from = $email;
+} else {
+	$replyto = NULL;
+	$from = 'no-reply@simplesamlphp.org';
 }
 
 /* Send the email. */
-$toaddress = $config->getString('technicalcontact_email', 'na@example.org');
-if ($toaddress !== 'na@example.org') {
-	
-	$email = new SimpleSAML_XHTML_EMail($toaddress, 'simpleSAMLphp error report', $from);
+$toAddress = $config->getString('technicalcontact_email', 'na@example.org');
+if ($toAddress !== 'na@example.org') {
+	$email = new SimpleSAML_XHTML_EMail($toAddress, 'simpleSAMLphp error report', $from);
 	$email->setBody($message);
 	$email->send();
+	SimpleSAML_Logger::error('Report with id ' . $reportId . ' sent to <' . $toAddress . '>.');
 }
 
-
-
 /* Redirect the user back to this page to clear the POST request. */
 SimpleSAML_Utilities::redirect(SimpleSAML_Utilities::selfURLNoQuery());
-
-?>
\ No newline at end of file
-- 
GitLab