From afc8f282e0752152083233cb8c25f23ef239019a Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Fri, 23 Apr 2010 08:13:16 +0000
Subject: [PATCH] errorreport: Fix exception data in html source & clean up
code.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2268 44740490-163a-0410-bde0-09ae8108e29a
---
lib/SimpleSAML/Utilities.php | 73 +++++++++++++--------------
templates/error.php | 40 ++++-----------
www/errorreport.php | 96 ++++++++++++++----------------------
3 files changed, 81 insertions(+), 128 deletions(-)
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 18ff41bc4..c21b76a4a 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -542,7 +542,7 @@ class SimpleSAML_Utilities {
}
- /**
+ /**
* Show and log fatal error message.
*
* This function logs a error message to the error log and shows the
@@ -551,19 +551,20 @@ class SimpleSAML_Utilities {
* The error code comes from the errors-dictionary. It can optionally include parameters, which
* will be substituted into the output string.
*
- * @param string $trackid The trackid of the user, from $session->getTrackID().
- * @param mixed $errorcode Either a string with the error code, or an array with the error code and
+ * @param string $trackId The trackid of the user, from $session->getTrackID().
+ * @param mixed $errorCode Either a string with the error code, or an array with the error code and
* additional parameters.
* @param Exception $e The exception which caused the error.
*/
- public static function fatalError($trackid = 'na', $errorcode = null, Exception $e = null) {
-
+ public static function fatalError($trackId = 'na', $errorCode = null, Exception $e = null) {
+
$config = SimpleSAML_Configuration::getInstance();
+ $session = SimpleSAML_Session::getInstance();
- if(is_array($errorcode)) {
- $parameters = $errorcode;
+ if (is_array($errorCode)) {
+ $parameters = $errorCode;
unset($parameters[0]);
- $errorcode = $errorcode[0];
+ $errorCode = $errorCode[0];
} else {
$parameters = array();
}
@@ -572,15 +573,15 @@ class SimpleSAML_Utilities {
$emsg = (empty($e) ? 'No exception available' : $e->getMessage());
$etrace = (empty($e) ? 'No exception available' : self::formatBacktrace($e));
- if(!empty($errorcode) && count($parameters) > 0) {
+ if (!empty($errorCode) && count($parameters) > 0) {
$reptext = array();
foreach($parameters as $k => $v) {
$reptext[] = '"' . $k . '"' . ' => "' . $v . '"';
}
$reptext = '(' . implode(', ', $reptext) . ')';
- $error = $errorcode . $reptext;
- } elseif(!empty($errorcode)) {
- $error = $errorcode;
+ $error = $errorCode . $reptext;
+ } elseif(!empty($errorCode)) {
+ $error = $errorCode;
} else {
$error = 'na';
}
@@ -594,52 +595,46 @@ class SimpleSAML_Utilities {
SimpleSAML_Logger::error($line);
}
}
-
- $languagefile = null;
- if (isset($errorcode)) $languagefile = 'errors';
-
- // Initialize a template
- $t = new SimpleSAML_XHTML_Template($config, 'error.php', $languagefile);
-
-
- $t->data['errorcode'] = $errorcode;
- $t->data['parameters'] = $parameters;
+ $reportId = SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(4));
+ SimpleSAML_Logger::error('Error report with id ' . $reportId . ' generated.');
+
+ $errorData = array(
+ 'exceptionMsg' => $emsg,
+ 'exceptionTrace' => $etrace,
+ 'reportId' => $reportId,
+ 'trackId' => $trackId,
+ 'url' => self::selfURLNoQuery(),
+ 'version' => $config->getVersion(),
+ );
+ $session->setData('core:errorreport', $reportId, $errorData);
+
+ $t = new SimpleSAML_XHTML_Template($config, 'error.php', 'errors');
$t->data['showerrors'] = $config->getBoolean('showerrors', true);
+ $t->data['error'] = $errorData;
+ $t->data['errorCode'] = $errorCode;
+ $t->data['parameters'] = $parameters;
/* Check if there is a valid technical contact email address. */
if($config->getString('technicalcontact_email', 'na@example.org') !== 'na@example.org') {
/* Enable error reporting. */
$baseurl = SimpleSAML_Utilities::selfURLhost() . '/' . $config->getBaseURL();
- $t->data['errorreportaddress'] = $baseurl . 'errorreport.php';
-
- } else {
- /* Disable error reporting. */
- $t->data['errorreportaddress'] = NULL;
+ $t->data['errorReportAddress'] = $baseurl . 'errorreport.php';
}
- $session = SimpleSAML_Session::getInstance();
$attributes = $session->getAttributes();
- if(is_array($attributes) && array_key_exists('mail', $attributes) && count($attributes['mail']) > 0) {
+ if (is_array($attributes) && array_key_exists('mail', $attributes) && count($attributes['mail']) > 0) {
$email = $attributes['mail'][0];
} else {
$email = '';
}
$t->data['email'] = $email;
- $t->data['exceptionmsg'] = $emsg;
- $t->data['exceptiontrace'] = $etrace;
-
- $t->data['trackid'] = $trackid;
-
- $t->data['version'] = $config->getVersion();
- $t->data['url'] = self::selfURLNoQuery();
-
$t->show();
-
exit;
}
-
+
+
/**
* Check whether an IP address is part of an CIDR.
*/
diff --git a/templates/error.php b/templates/error.php
index 8c8b9cea5..fadbab0e0 100644
--- a/templates/error.php
+++ b/templates/error.php
@@ -9,41 +9,28 @@
?>
- <h2><?php
- echo $this->t('title_' . $this->data['errorcode']);
- ?></h2>
+ <h2><?php echo $this->t('title_' . $this->data['errorCode']); ?></h2>
<?php
-$descr = $this->t('descr_' . $this->data['errorcode'], $this->data['parameters']);
-if($descr) {
- echo htmlspecialchars($descr);
-}
+echo htmlspecialchars($this->t('descr_' . $this->data['errorCode'], $this->data['parameters']));
?>
-<?php
-/* Print out the track id if it exists. */
-if(array_key_exists('trackid', $this->data)) {
-?>
<div class="trackidtext">
<?php echo $this->t('report_trackid'); ?>
- <span class="trackid"><?php echo $this->data['trackid']; ?></span>
+ <span class="trackid"><?php echo $this->data['error']['trackId']; ?></span>
</div>
-<?php
-}
-?>
<?php
/* Print out exception only if the exception is available. */
-if (array_key_exists('showerrors', $this->data) && $this->data['showerrors']) {
+if ($this->data['showerrors']) {
?>
<h2><?php echo $this->t('debuginfo_header'); ?></h2>
<p><?php echo $this->t('debuginfo_text'); ?></p>
<div style="border: 1px solid #eee; padding: 1em; font-size: x-small">
- <p style="margin: 1px"><?php echo htmlentities($this->data['exceptionmsg']); ?></p>
- <pre style=" padding: 1em; font-family: monospace; "><?php echo htmlentities($this->data['exceptiontrace']); ?>
- </pre>
+ <p style="margin: 1px"><?php echo htmlspecialchars($this->data['error']['exceptionMsg']); ?></p>
+ <pre style=" padding: 1em; font-family: monospace; "><?php echo htmlspecialchars($this->data['error']['exceptionTrace']); ?></pre>
</div>
<?php
}
@@ -53,26 +40,19 @@ if (array_key_exists('showerrors', $this->data) && $this->data['showerrors']) {
/* Add error report submit section if we have a valid technical contact. 'errorreportaddress' will only be set if
* the technical contact email address has been set.
*/
-if (!empty($this->data['errorreportaddress'])) {
+if (isset($this->data['errorReportAddress'])) {
?>
<h2><?php echo $this->t('report_header'); ?></h2>
- <form action="<?php echo htmlspecialchars($this->data['errorreportaddress']); ?>" method="post">
+ <form action="<?php echo htmlspecialchars($this->data['errorReportAddress']); ?>" method="post">
<p><?php echo $this->t('report_text'); ?></p>
- <p><?php echo $this->t('report_email'); ?> <input type="text" size="25" name="email" value="<?php echo($this->data['email']); ?>" />
+ <p><?php echo $this->t('report_email'); ?> <input type="text" size="25" name="email" value="<?php echo($this->data['email']); ?>" />
<p>
<textarea style="width: 300px; height: 100px" name="text"><?php echo $this->t('report_explain'); ?></textarea>
</p><p>
- <input type="hidden" name="version" value="<?php echo htmlspecialchars($this->data['version']); ?>" />
- <input type="hidden" name="trackid" value="<?php echo htmlspecialchars($this->data['trackid']); ?>" />
- <input type="hidden" name="exceptionmsg" value="<?php echo htmlspecialchars($this->data['exceptionmsg']); ?>" />
- <input type="hidden" name="exceptiontrace" value="<?php echo htmlspecialchars($this->data['exceptiontrace']); ?>" />
- <input type="hidden" name="errorcode" value="<?php echo htmlspecialchars($this->data['errorcode']); ?>" />
- <input type="hidden" name="parameters" value="<?php echo htmlspecialchars(var_export($this->data['parameters'], TRUE)); ?>" />
- <input type="hidden" name="url" value="<?php echo htmlspecialchars($this->data['url']); ?>" />
-
+ <input type="hidden" name="reportId" value="<?php echo $this->data['error']['reportId']; ?>" />
<input type="submit" name="send" value="<?php echo $this->t('report_submit'); ?>" />
</p>
</form>
diff --git a/www/errorreport.php b/www/errorreport.php
index 4d424e68d..addf56a3c 100644
--- a/www/errorreport.php
+++ b/www/errorreport.php
@@ -13,42 +13,26 @@ if($_SERVER['REQUEST_METHOD'] !== 'POST') {
exit;
}
-
-/* Format of the email.
- * POST fields will be added to the email in the order they appear here, and with the description
- * from the value in the array.
- *
- * DEPRECATED. Included as reference of incoming parameters.
- */
-$mailFormat = array(
- 'email' => 'Email address of submitter',
- 'url' => 'URL of page where the error occured',
- 'errorcode' => 'Error code',
- 'parameters' => 'Parameters for the error',
- 'text' => 'Message from user',
- 'trackid' => 'Track id for the user\' session',
- 'exceptionmsg' => 'Exception message',
- 'exceptiontrace' => 'Exception backtrace',
- 'version' => 'simpleSAMLphp version',
- );
-
-/* POST fields we can safely ignore. */
-$ignoredFields = array(
- 'send',
+$reportId = (string)$_REQUEST['reportId'];
+$email = (string)$_REQUEST['email'];
+$text = htmlspecialchars((string)$_REQUEST['text']);
+
+$session = SimpleSAML_Session::getInstance();
+$data = $session->getData('core:errorreport', $reportId);
+
+if ($data === NULL) {
+ $data = array(
+ 'exceptionMsg' => 'not set',
+ 'exceptionTrace' => 'not set',
+ 'reportId' => $reportId,
+ 'trackId' => $session->getTrackId(),
+ 'url' => 'not set',
+ 'version' => $config->getVersion(),
);
+}
-/* Generate a error ID, and add it to both the log and the error message. This should make it
- * simple to find the error in the logs.
- */
-$reportId = SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(4));
-SimpleSAML_Logger::error('Error report with id ' . $reportId . ' generated.');
-
-
-function getPValue($key) {
- if (array_key_exists($key, $_POST)) {
- return strip_tags($_POST[$key]);
- }
- return 'not set';
+foreach ($data as $k => $v) {
+ $data[$k] = htmlspecialchars($v);
}
/* Build the email message. */
@@ -56,23 +40,23 @@ function getPValue($key) {
$message = '<h1>SimpleSAMLphp Error Report</h1>
<p>Message from user:</p>
-<div class="box" style="background: yellow; color: #888; border: 1px solid #999900; padding: .4em; margin: .5em">' . getPValue('text') . '</div>
+<div class="box" style="background: yellow; color: #888; border: 1px solid #999900; padding: .4em; margin: .5em">' . htmlspecialchars($text) . '</div>
-<p>Exception: <strong>' . getPValue('exceptionmsg') . '</strong></p>
-<pre>' . getPValue('exceptiontrace') . '</pre>
+<p>Exception: <strong>' . $data['exceptionMsg'] . '</strong></p>
+<pre>' . $data['exceptionTrace'] . '</pre>
<p>URL:</p>
-<pre><a href="' . getPValue('url') . '">' . getPValue('url') . '</a></pre>
+<pre><a href="' . $data['url'] . '">' . $data['url'] . '</a></pre>
<p>Directory:</p>
<pre>' . dirname(dirname(__FILE__)) . '</pre>
<p>Track ID:</p>
-<pre>' . getPValue('trackid') . '</pre>
+<pre>' . $data['trackId'] . '</pre>
-<p>Version: <tt>' . getPValue('version') . '</tt></p>
+<p>Version: <tt>' . $data['version'] . '</tt></p>
-<p>Report ID: <tt>' . $reportId . '</tt></p>
+<p>Report ID: <tt>' . $data['reportId'] . '</tt></p>
<hr />
<div class="footer">This message was sent using simpleSAMLphp. Visit <a href="http://rnd.feide.no/simplesamlphp">simpleSAMLphp homepage</a>.</div>
@@ -81,30 +65,24 @@ $message = '<h1>SimpleSAMLphp Error Report</h1>
/* Add the email address of the submitter as the Reply-To address. */
-$replyto = NULL;
-$from = 'no-reply@simplesamlphp.org';
-if(array_key_exists('email', $_POST)) {
- $email = $_POST['email'];
- $email = trim($email);
- /* Check that it looks like a valid email address. */
- if(!preg_match('/\s/', $email) && strpos($email, '@') !== FALSE) {
- $replyto = $email;
- $from = $email;
- }
+$email = trim($email);
+/* Check that it looks like a valid email address. */
+if (!preg_match('/\s/', $email) && strpos($email, '@') !== FALSE) {
+ $replyto = $email;
+ $from = $email;
+} else {
+ $replyto = NULL;
+ $from = 'no-reply@simplesamlphp.org';
}
/* Send the email. */
-$toaddress = $config->getString('technicalcontact_email', 'na@example.org');
-if ($toaddress !== 'na@example.org') {
-
- $email = new SimpleSAML_XHTML_EMail($toaddress, 'simpleSAMLphp error report', $from);
+$toAddress = $config->getString('technicalcontact_email', 'na@example.org');
+if ($toAddress !== 'na@example.org') {
+ $email = new SimpleSAML_XHTML_EMail($toAddress, 'simpleSAMLphp error report', $from);
$email->setBody($message);
$email->send();
+ SimpleSAML_Logger::error('Report with id ' . $reportId . ' sent to <' . $toAddress . '>.');
}
-
-
/* Redirect the user back to this page to clear the POST request. */
SimpleSAML_Utilities::redirect(SimpleSAML_Utilities::selfURLNoQuery());
-
-?>
\ No newline at end of file
--
GitLab