From afc8f282e0752152083233cb8c25f23ef239019a Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Fri, 23 Apr 2010 08:13:16 +0000
Subject: [PATCH] errorreport: Fix exception data in html source & clean up code.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2268 44740490-163a-0410-bde0-09ae8108e29a
---
lib/SimpleSAML/Utilities.php | 73 +++++++++++++--------------
templates/error.php | 40 ++++-----------
www/errorreport.php | 96 ++++++++++++++----------------------
3 files changed, 81 insertions(+), 128 deletions(-)

diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 18ff41bc4..c21b76a4a 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -542,7 +542,7 @@ class SimpleSAML_Utilities { } - /** + /** * Show and log fatal error message. * * This function logs a error message to the error log and shows the
@@ -551,19 +551,20 @@ class SimpleSAML_Utilities { * The error code comes from the errors-dictionary. It can optionally include parameters, which * will be substituted into the output string. * - * @param string $trackid The trackid of the user, from $session->getTrackID(). - * @param mixed $errorcode Either a string with the error code, or an array with the error code and + * @param string $trackId The trackid of the user, from $session->getTrackID(). + * @param mixed $errorCode Either a string with the error code, or an array with the error code and * additional parameters. * @param Exception $e The exception which caused the error. */ - public static function fatalError($trackid = 'na', $errorcode = null, Exception $e = null) { - + public static function fatalError($trackId = 'na', $errorCode = null, Exception $e = null) { + $config = SimpleSAML_Configuration::getInstance(); + $session = SimpleSAML_Session::getInstance(); - if(is_array($errorcode)) { - $parameters = $errorcode; + if (is_array($errorCode)) { + $parameters = $errorCode; unset($parameters[0]); - $errorcode = $errorcode[0]; + $errorCode = $errorCode[0]; } else { $parameters = array(); } @@ -572,15 +573,15 @@ class SimpleSAML_Utilities { $emsg = (empty($e) ? 'No exception available' : $e->getMessage()); $etrace = (empty($e) ? 'No exception available' : self::formatBacktrace($e)); - if(!empty($errorcode) && count($parameters) > 0) { + if (!empty($errorCode) && count($parameters) > 0) { $reptext = array(); foreach($parameters as $k => $v) { $reptext[] = '"' . $k . '"' . ' => "' . $v . '"'; } $reptext = '(' . implode(', ', $reptext) . ')'; - $error = $errorcode . $reptext; - } elseif(!empty($errorcode)) { - $error = $errorcode; + $error = $errorCode . $reptext; + } elseif(!empty($errorCode)) { + $error = $errorCode; } else { $error = 'na'; } 
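Review bot: `SimpleSAML_Session::getInstance()` is now called at the very top of `fatalError()`, ahead of the code that formats and logs the exception (the logging is visible at the start of the following hunk). If loading the session can itself fail (not visible here), the original error would never reach the log. The session is only needed for `setData()` and `getAttributes()`, so `$session = SimpleSAML_Session::getInstance();` could move down to just before `$session->setData('core:errorreport', ...)`. The function body continues past this hunk.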
@@ -594,52 +595,46 @@ class SimpleSAML_Utilities { SimpleSAML_Logger::error($line); } } - - $languagefile = null; - if (isset($errorcode)) $languagefile = 'errors'; - - // Initialize a template - $t = new SimpleSAML_XHTML_Template($config, 'error.php', $languagefile); - - - $t->data['errorcode'] = $errorcode; - $t->data['parameters'] = $parameters; + $reportId = SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(4)); + SimpleSAML_Logger::error('Error report with id ' . $reportId . ' generated.'); + + $errorData = array( + 'exceptionMsg' => $emsg, + 'exceptionTrace' => $etrace, + 'reportId' => $reportId, + 'trackId' => $trackId, + 'url' => self::selfURLNoQuery(), + 'version' => $config->getVersion(), + ); + $session->setData('core:errorreport', $reportId, $errorData); + + $t = new SimpleSAML_XHTML_Template($config, 'error.php', 'errors'); $t->data['showerrors'] = $config->getBoolean('showerrors', true); + $t->data['error'] = $errorData; + $t->data['errorCode'] = $errorCode; + $t->data['parameters'] = $parameters; /* Check if there is a valid technical contact email address. */ if($config->getString('technicalcontact_email', 'na@example.org') !== 'na@example.org') { /* Enable error reporting. */ $baseurl = SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL(); - $t->data['errorreportaddress'] = $baseurl . 'errorreport.php'; - - } else { - /* Disable error reporting. */ - $t->data['errorreportaddress'] = NULL; + $t->data['errorReportAddress'] = $baseurl . 
'errorreport.php'; } - $session = SimpleSAML_Session::getInstance(); $attributes = $session->getAttributes(); - if(is_array($attributes) && array_key_exists('mail', $attributes) && count($attributes['mail']) > 0) { + if (is_array($attributes) && array_key_exists('mail', $attributes) && count($attributes['mail']) > 0) { $email = $attributes['mail'][0]; } else { $email = ''; } $t->data['email'] = $email; - $t->data['exceptionmsg'] = $emsg; - $t->data['exceptiontrace'] = $etrace; - - $t->data['trackid'] = $trackid; - - $t->data['version'] = $config->getVersion(); - $t->data['url'] = self::selfURLNoQuery(); - $t->show(); - exit; } - + + /** * Check whether an IP address is part of an CIDR. */
diff --git a/templates/error.php b/templates/error.php
index 8c8b9cea5..fadbab0e0 100644
--- a/templates/error.php
+++ b/templates/error.php
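Review bot: The block that builds `$errorData` and passes it to `$session->setData('core:errorreport', $reportId, $errorData)` has no comment saying why the data goes into the session. A short one would help the next reader, e.g. `/* Keep exception details server-side; the report form only submits the report id and errorreport.php reads the data back from the session. */`. The docblock of `fatalError()` in the previous hunk does not mention this session write either. The function starts outside this hunk.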
@@ -9,41 +9,28 @@ ?> - <h2><?php - echo $this->t('title_' . $this->data['errorcode']); - ?></h2> + <h2><?php echo $this->t('title_' . $this->data['errorCode']); ?></h2> <?php -$descr = $this->t('descr_' . $this->data['errorcode'], $this->data['parameters']); -if($descr) { - echo htmlspecialchars($descr); -} +echo htmlspecialchars($this->t('descr_' . $this->data['errorCode'], $this->data['parameters'])); ?> -<?php -/* Print out the track id if it exists. */ -if(array_key_exists('trackid', $this->data)) { -?> <div class="trackidtext"> <?php echo $this->t('report_trackid'); ?> - <span class="trackid"><?php echo $this->data['trackid']; ?></span> + <span class="trackid"><?php echo $this->data['error']['trackId']; ?></span> </div> -<?php -} -?> <?php /* Print out exception only if the exception is available. */ -if (array_key_exists('showerrors', $this->data) && $this->data['showerrors']) { +if ($this->data['showerrors']) { ?> <h2><?php echo $this->t('debuginfo_header'); ?></h2> <p><?php echo $this->t('debuginfo_text'); ?></p> <div style="border: 1px solid #eee; padding: 1em; font-size: x-small"> - <p style="margin: 1px"><?php echo htmlentities($this->data['exceptionmsg']); ?></p> - <pre style=" padding: 1em; font-family: monospace; "><?php echo htmlentities($this->data['exceptiontrace']); ?> - </pre> + <p style="margin: 1px"><?php echo htmlspecialchars($this->data['error']['exceptionMsg']); ?></p> + <pre style=" padding: 1em; font-family: monospace; "><?php echo htmlspecialchars($this->data['error']['exceptionTrace']); ?></pre> </div> <?php } 
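Review bot: `echo $this->data['error']['trackId'];` inside the `trackid` span is the one data value in this hunk still written without `htmlspecialchars()`, although the removed hidden `trackid` field did escape it. The same applies to `value="<?php echo($this->data['email']); ?>"` in the next hunk, where the value is taken from the session's `mail` attribute in `fatalError()` and so presumably originates outside this application. Suggested: `<?php echo htmlspecialchars($this->data['error']['trackId']); ?>` and `<?php echo htmlspecialchars($this->data['email']); ?>`.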
@@ -53,26 +40,19 @@ if (array_key_exists('showerrors', $this->data) && $this->data['showerrors']) { /* Add error report submit section if we have a valid technical contact. 'errorreportaddress' will only be set if * the technical contact email address has been set. */ -if (!empty($this->data['errorreportaddress'])) { +if (isset($this->data['errorReportAddress'])) { ?> <h2><?php echo $this->t('report_header'); ?></h2> - <form action="<?php echo htmlspecialchars($this->data['errorreportaddress']); ?>" method="post"> + <form action="<?php echo htmlspecialchars($this->data['errorReportAddress']); ?>" method="post"> <p><?php echo $this->t('report_text'); ?></p> - <p><?php echo $this->t('report_email'); ?> <input type="text" size="25" name="email" value="<?php echo($this->data['email']); ?>" /> + <p><?php echo $this->t('report_email'); ?> <input type="text" size="25" name="email" value="<?php echo($this->data['email']); ?>" /> <p> <textarea style="width: 300px; height: 100px" name="text"><?php echo $this->t('report_explain'); ?></textarea> </p><p> - <input type="hidden" name="version" value="<?php echo htmlspecialchars($this->data['version']); ?>" /> - <input type="hidden" name="trackid" value="<?php echo htmlspecialchars($this->data['trackid']); ?>" /> - <input type="hidden" name="exceptionmsg" value="<?php echo htmlspecialchars($this->data['exceptionmsg']); ?>" /> - <input type="hidden" name="exceptiontrace" value="<?php echo htmlspecialchars($this->data['exceptiontrace']); ?>" /> - <input type="hidden" name="errorcode" value="<?php echo htmlspecialchars($this->data['errorcode']); ?>" /> - <input type="hidden" name="parameters" value="<?php echo htmlspecialchars(var_export($this->data['parameters'], TRUE)); ?>" /> - <input type="hidden" name="url" value="<?php echo htmlspecialchars($this->data['url']); ?>" /> - + <input type="hidden" name="reportId" value="<?php echo $this->data['error']['reportId']; ?>" /> <input type="submit" name="send" value="<?php echo 
$this->t('report_submit'); ?>" /> </p> </form>
diff --git a/www/errorreport.php b/www/errorreport.php
index 4d424e68d..addf56a3c 100644
--- a/www/errorreport.php
+++ b/www/errorreport.php
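Review bot: The comment above the `isset($this->data['errorReportAddress'])` check still names `'errorreportaddress'`, which no longer matches the renamed key. Update it to `'errorReportAddress'`. It is also worth stating there that the key is now left unset, rather than set to NULL, when no technical contact is configured, since the `isset()` test depends on that.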
@@ -13,42 +13,26 @@ if($_SERVER['REQUEST_METHOD'] !== 'POST') { exit; } - -/* Format of the email. - * POST fields will be added to the email in the order they appear here, and with the description - * from the value in the array. - * - * DEPRECATED. Included as reference of incoming parameters. - */ -$mailFormat = array( - 'email' => 'Email address of submitter', - 'url' => 'URL of page where the error occured', - 'errorcode' => 'Error code', - 'parameters' => 'Parameters for the error', - 'text' => 'Message from user', - 'trackid' => 'Track id for the user\' session', - 'exceptionmsg' => 'Exception message', - 'exceptiontrace' => 'Exception backtrace', - 'version' => 'simpleSAMLphp version', - ); - -/* POST fields we can safely ignore. */ -$ignoredFields = array( - 'send', +$reportId = (string)$_REQUEST['reportId']; +$email = (string)$_REQUEST['email']; +$text = htmlspecialchars((string)$_REQUEST['text']); + +$session = SimpleSAML_Session::getInstance(); +$data = $session->getData('core:errorreport', $reportId); + +if ($data === NULL) { + $data = array( + 'exceptionMsg' => 'not set', + 'exceptionTrace' => 'not set', + 'reportId' => $reportId, + 'trackId' => $session->getTrackId(), + 'url' => 'not set', + 'version' => $config->getVersion(), ); +} -/* Generate a error ID, and add it to both the log and the error message. This should make it - * simple to find the error in the logs. - */ -$reportId = SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(4)); -SimpleSAML_Logger::error('Error report with id ' . $reportId . ' generated.'); - - -function getPValue($key) { - if (array_key_exists($key, $_POST)) { - return strip_tags($_POST[$key]); - } - return 'not set'; +foreach ($data as $k => $v) { + $data[$k] = htmlspecialchars($v); } /* Build the email message. */ 
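Review bot: `$text` ends up escaped twice: `htmlspecialchars((string)$_REQUEST['text'])` here, and `htmlspecialchars($text)` again where the message body is built in the next hunk, so an `&` typed by the user reaches the mail as `&amp;amp;`. Keep the raw string here, `$text = (string)$_REQUEST['text'];`, and escape once at the point of output. The three reads also index `$_REQUEST` without checking that the key exists, even though the method is already known to be POST. Reading from `$_POST` with a default, e.g. `isset($_POST['reportId']) ? (string)$_POST['reportId'] : ''`, avoids undefined-index notices and keeps query-string values out of the report.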
@@ -56,23 +40,23 @@ function getPValue($key) { $message = '<h1>SimpleSAMLphp Error Report</h1> <p>Message from user:</p> -<div class="box" style="background: yellow; color: #888; border: 1px solid #999900; padding: .4em; margin: .5em">' . getPValue('text') . '</div> +<div class="box" style="background: yellow; color: #888; border: 1px solid #999900; padding: .4em; margin: .5em">' . htmlspecialchars($text) . '</div> -<p>Exception: <strong>' . getPValue('exceptionmsg') . '</strong></p> -<pre>' . getPValue('exceptiontrace') . '</pre> +<p>Exception: <strong>' . $data['exceptionMsg'] . '</strong></p> +<pre>' . $data['exceptionTrace'] . '</pre> <p>URL:</p> -<pre><a href="' . getPValue('url') . '">' . getPValue('url') . '</a></pre> +<pre><a href="' . $data['url'] . '">' . $data['url'] . '</a></pre> <p>Directory:</p> <pre>' . dirname(dirname(__FILE__)) . '</pre> <p>Track ID:</p> -<pre>' . getPValue('trackid') . '</pre> +<pre>' . $data['trackId'] . '</pre> -<p>Version: <tt>' . getPValue('version') . '</tt></p> +<p>Version: <tt>' . $data['version'] . '</tt></p> -<p>Report ID: <tt>' . $reportId . '</tt></p> +<p>Report ID: <tt>' . $data['reportId'] . '</tt></p> <hr /> <div class="footer">This message was sent using simpleSAMLphp. Visit <a href="http://rnd.feide.no/simplesamlphp">simpleSAMLphp homepage</a>.</div> 
@@ -81,30 +65,24 @@ $message = '<h1>SimpleSAMLphp Error Report</h1> /* Add the email address of the submitter as the Reply-To address. */ -$replyto = NULL; -$from = 'no-reply@simplesamlphp.org'; -if(array_key_exists('email', $_POST)) { - $email = $_POST['email']; - $email = trim($email); - /* Check that it looks like a valid email address. */ - if(!preg_match('/\s/', $email) && strpos($email, '@') !== FALSE) { - $replyto = $email; - $from = $email; - } +$email = trim($email); +/* Check that it looks like a valid email address. */ +if (!preg_match('/\s/', $email) && strpos($email, '@') !== FALSE) { + $replyto = $email; + $from = $email; +} else { + $replyto = NULL; + $from = 'no-reply@simplesamlphp.org'; } /* Send the email. */ -$toaddress = $config->getString('technicalcontact_email', 'na@example.org'); -if ($toaddress !== 'na@example.org') { - - $email = new SimpleSAML_XHTML_EMail($toaddress, 'simpleSAMLphp error report', $from); +$toAddress = $config->getString('technicalcontact_email', 'na@example.org'); +if ($toAddress !== 'na@example.org') { + $email = new SimpleSAML_XHTML_EMail($toAddress, 'simpleSAMLphp error report', $from); $email->setBody($message); $email->send(); + SimpleSAML_Logger::error('Report with id ' . $reportId . ' sent to <' . $toAddress . '>.'); } - - /* Redirect the user back to this page to clear the POST request. */ SimpleSAML_Utilities::redirect(SimpleSAML_Utilities::selfURLNoQuery()); - -?>
\ No newline at end of file
--
GitLab
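Review bot: The new log line `'Report with id ' . $reportId . ' sent to <' ...` writes `$reportId` exactly as it arrived in the request, so a client can place arbitrary text in the error log, possibly including line breaks depending on how the logger handles them. Ids are generated in `fatalError()` from 4 random bytes rendered as hex, so the value can be checked where it is read, e.g. `if (!preg_match('/^[0-9a-fA-F]{8}$/D', $reportId)) { $reportId = 'invalid'; }` (this assumes `stringToHex()` emits plain hex digits). As a smaller style point, `$email` is reused for the `SimpleSAML_XHTML_EMail` object after holding the submitter's address; a separate name such as `$mail` would read more clearly.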