From 15c7af56882fd8cbf76e6f591f97471a31dadb3d Mon Sep 17 00:00:00 2001
From: Victor Boctor
Date: Sat, 3 Feb 2018 15:53:37 -0800
Subject: [PATCH] Revert "Fix regression that discloses file path in some errors"
This reverts commit d5d85f17bf934f6a13abcce69fec41171096205e.
---
 api/soap/mc_api.php | 19 ++++++-------------
 core/error_api.php | 9 ++-------
 2 files changed, 8 insertions(+), 20 deletions(-)
diff --git a/api/soap/mc_api.php b/api/soap/mc_api.php
index ff23cf0363..c99b3c4190 100644
--- a/api/soap/mc_api.php
+++ b/api/soap/mc_api.php
@@ -162,10 +162,6 @@ static function faultServerError( $p_fault_string ) {
 */
 static function faultFromException( Exception $p_exception ) {
 $t_code = $p_exception->getCode();
- $t_message = $p_exception->getMessage();
-
- # Make sure the file path is not disclosed via exception details
- $t_message = str_replace( config_get_global( 'absolute_path' ), '.../', $t_message );
 switch( $t_code ) {
 case ERROR_NO_FILE_SPECIFIED:
@@ -231,7 +227,7 @@ static function faultFromException( Exception $p_exception ) {
 case ERROR_COLUMNS_INVALID:
 case ERROR_API_TOKEN_NAME_NOT_UNIQUE:
 case ERROR_INVALID_FIELD_VALUE:
- return ApiObjectFactory::faultBadRequest( $t_message );
+ return ApiObjectFactory::faultBadRequest( $p_exception->getMessage() );
 case ERROR_BUG_NOT_FOUND:
 case ERROR_FILE_NOT_FOUND:
@@ -253,7 +249,7 @@ static function faultFromException( Exception $p_exception ) {
 case ERROR_FILTER_NOT_FOUND:
 case ERROR_TAG_NOT_FOUND:
 case ERROR_TOKEN_NOT_FOUND:
- return ApiObjectFactory::faultNotFound( $t_message );
+ return ApiObjectFactory::faultNotFound( $p_exception->getMessage() );
 case ERROR_ACCESS_DENIED:
 case ERROR_PROTECTED_ACCOUNT:
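Review bot: Every `return ApiObjectFactory::fault…( $p_exception->getMessage() )` in faultFromException now puts the raw exception text into the API response, and the comment deleted in the first hunk states that this text can carry the server's file path. The same holds for the later hunks of this function (`faultForbidden`, `faultTooManyRequests`, both `faultServerError` returns) and for the scrub removed from `error_handler` in core/error_api.php. The commit message gives no reason for the revert and the diff shows no replacement, so the description should say where the path is now stripped, or one sanitising step should stay ahead of the `switch`, ideally a single shared helper called by all three handlers rather than three copies of `str_replace`. Only parts of faultFromException are visible between the hunks, so a scrub elsewhere in the function cannot be ruled out from here.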
@@ -271,18 +267,18 @@ static function faultFromException( Exception $p_exception ) { case ERROR_LOST_PASSWORD_NOT_ENABLED: case ERROR_LOST_PASSWORD_MAX_IN_PROGRESS_ATTEMPTS_REACHED: case ERROR_FORM_TOKEN_INVALID: - return ApiObjectFactory::faultForbidden( $t_message ); + return ApiObjectFactory::faultForbidden( $p_exception->getMessage() ); case ERROR_SPAM_SUSPECTED: - return ApiObjectFactory::faultTooManyRequests( $t_message ); + return ApiObjectFactory::faultTooManyRequests( $p_exception->getMessage() ); case ERROR_CONFIG_OPT_INVALID: case ERROR_FILE_INVALID_UPLOAD_PATH: # TODO: These are configuration or db state errors. - return ApiObjectFactory::faultServerError( $t_message ); + return ApiObjectFactory::faultServerError( $p_exception->getMessage() ); default: - return ApiObjectFactory::faultServerError( $t_message ); + return ApiObjectFactory::faultServerError( $p_exception->getMessage() ); } } @@ -1138,9 +1134,6 @@ function mc_error_handler( $p_type, $p_error, $p_file, $p_line, array $p_context $t_error_stack = error_get_stack_trace(); - # Make sure the file path is not disclosed via exception details - $t_error_description = str_replace( config_get_global( 'absolute_path' ), '.../', $t_error_description ); - error_log( '[mantisconnect.php] Error Type: ' . $t_error_type . ',' . "\n" . 'Error Description: ' . $t_error_description . "\n" . 'Stack Trace:' . "\n" . $t_error_stack ); throw new SoapFault( 'Server', 'Error Type: ' . $t_error_type . ',' . "\n" . 'Error Description: ' . $t_error_description ); diff --git a/core/error_api.php b/core/error_api.php index 3374749171..beb6a68148 100644 --- a/core/error_api.php +++ b/core/error_api.php 
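Review bot: In mc_error_handler the one `$t_error_description` string feeds both `error_log()` and the `SoapFault` that is thrown, which presumably reaches the SOAP client, so with the scrub removed the client gets the same path detail as the server log. The reverted code filtered the logged copy as well, which costs diagnostic detail for no gain; if a filter is reinstated it should apply only to the client-facing value, e.g. `$t_client_description = str_replace( config_get_global( 'absolute_path' ), '.../', $t_error_description );` passed to `new SoapFault(...)`, with the `error_log` line left on the full text. The function starts and ends outside this hunk.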
@@ -247,16 +247,11 @@ function error_handler( $p_type, $p_error, $p_file, $p_line, array $p_context ) $t_error_description = nl2br( $t_error_description ); - # Make sure the file path is not disclosed via exception details - $t_error_description = str_replace( config_get_global( 'absolute_path' ), '.../', $t_error_description ); - - $t_show_detailed_errors = config_get_global( 'show_detailed_errors' ) == ON; - if( php_sapi_name() == 'cli' ) { if( DISPLAY_ERROR_NONE != $t_method ) { echo $t_error_type . ': ' . $t_error_description . "\n"; - if( $t_show_detailed_errors ) { + if( ON == config_get_global( 'show_detailed_errors' ) ) { echo "\n"; error_print_stack_trace(); } @@ -339,7 +334,7 @@ function error_handler( $p_type, $p_error, $p_file, $p_line, array $p_context ) } echo ''; - if( $t_show_detailed_errors ) { + if( ON == config_get_global( 'show_detailed_errors' ) ) { echo '

'; error_print_details( $p_file, $p_line, $p_context ); echo '

';