API: when an invalid format is specified, keep the error message shorter #12401

Merged
merged 1 commit into from Jan 5, 2018

mattab commented Jan 4, 2018

This will fix the issue where a particularly crafted request will result in displaying stack traces.

follows up #12357

Example request on Demo: https://demo.piwik.org/?module=API&method=VisitsSummary.getVisits&idSite=1&period=day&date=last10&format=xmls&token_auth=XYZANONYMIZED

which outputs file paths:

Piwik encoutered an error: Uncaught Exception: Renderer format 'xmls' not valid. Try any of the following instead: console, csv, html, json2, json, original, php, rss, tsv, xml. in /home/piwik-demo/storage/www/demo.piwik.org/core/API/ApiRenderer.php:134
Stack trace:
#0 /home/piwik-demo/storage/www/demo.piwik.org/core/API/ResponseBuilder.php(40): Piwik\API\ApiRenderer::factory('xmls', Array)
#1 /home/piwik-demo/storage/www/demo.piwik.org/core/ExceptionHandler.php(89): Piwik\API\ResponseBuilder->__construct('xmls')
#2 /home/piwik-demo/storage/www/demo.piwik.org/core/ExceptionHandler.php(70): Piwik\ExceptionHandler::getErrorResponse(Object(Exception))
#3 /home/piwik-demo/storage/www/demo.piwik.org/core/ExceptionHandler.php(36): Piwik\ExceptionHandler::dieWithHtmlErrorPage(Object(Exception))
#4 [internal function]: Piwik\ExceptionHandler::handleException(Object(Exception))
#5 {main}
  thrown (which lead to: Renderer format 'xmls' not valid. Try any of the following instead: console, csv, html, json2, json, original, php, rss, tsv, xml.)

After the fix the output is simply:

Renderer format 'xmls' not valid. Try any of the following instead: console, csv, html, json2, json, original, php, rss, tsv, xml.

@mattab mattab added the c: Security label Jan 4, 2018

@mattab mattab added this to the 3.3.0 milestone Jan 4, 2018
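
The failure mode described in this PR, as an added PHP sketch (not code from this PR or from Piwik; `rendererFor`, `unsafeErrorResponse` and `safeErrorResponse` are hypothetical names): an error handler that renders its response in the requested format throws a second time when that format is the invalid one, while the fallback returns only the message.

```php
<?php
// Added illustration. Function names are hypothetical, not Matomo/Piwik code. Needs PHP 7.4+.

function rendererFor(string $format): callable
{
    $renderers = [
        'json' => fn(string $m): string => json_encode(['result' => 'error', 'message' => $m]),
        'xml'  => fn(string $m): string =>
            '<result><error message="' . htmlspecialchars($m, ENT_QUOTES) . '" /></result>',
    ];
    if (!isset($renderers[$format])) {
        throw new InvalidArgumentException("Renderer format '$format' not valid. "
            . 'Try any of the following instead: ' . implode(', ', array_keys($renderers)) . '.');
    }
    return $renderers[$format];
}

// Unsafe: the error response is rendered in the requested format. When the format
// is the thing that failed, rendererFor() throws a second time inside the handler.
function unsafeErrorResponse(Throwable $e, string $format): string
{
    return rendererFor($format)($e->getMessage());
}

// Safer: if the formatted response cannot be built, return the message alone.
function safeErrorResponse(Throwable $e, string $format): string
{
    try {
        return rendererFor($format)($e->getMessage());
    } catch (Throwable $second) {
        return $e->getMessage(); // no file, line or trace
    }
}

$format = 'xmls'; // constructed input: a format name that does not exist
try {
    rendererFor($format);
} catch (Throwable $first) {
    try {
        echo unsafeErrorResponse($first, $format), "\n";
    } catch (Throwable $second) {
        // What reaches the client if nothing catches $second and errors are displayed:
        // Throwable::__toString() includes the file path, line and stack trace.
        echo "UNSAFE would expose:\n", $second, "\n\n";
    }
    echo "SAFE returns:\n", safeErrorResponse($first, $format), "\n";
}
```
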

@sgiehl

sgiehl approved these changes Jan 5, 2018

@sgiehl sgiehl merged commit 66ba4e4 into 3.x-dev Jan 5, 2018

0 of 2 checks passed

continuous-integration/travis-ci/pr The Travis CI build could not complete due to an error
continuous-integration/travis-ci/push The Travis CI build could not complete due to an error

@sgiehl sgiehl deleted the no_stack_when_double_exception branch Jan 5, 2018

tsteur commented Jan 6, 2018

What about adding a test @mattab ?
