From 7350e13113c8ed484727a5c25331ec11d4d59f5f Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Fri, 9 Sep 2016 13:52:34 +0200 Subject: [PATCH] Don't print exception message in HTML The exception message is potentially influenced by user input and could thus be confusing (e.g. somebody could try to open a file like "Please send a mail to support@foo.com", and then the message would include that string. It is thus reasonable to not show the exception message by default. Also for the browser view I added an `exit()` at the end, as otherwise the XML exception would be attached. --- apps/dav/lib/Files/BrowserErrorPagePlugin.php | 7 +++---- apps/dav/templates/exception.php | 1 - 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/apps/dav/lib/Files/BrowserErrorPagePlugin.php b/apps/dav/lib/Files/BrowserErrorPagePlugin.php index 8c257b324b9c8..b58ce4df874c8 100644 --- a/apps/dav/lib/Files/BrowserErrorPagePlugin.php +++ b/apps/dav/lib/Files/BrowserErrorPagePlugin.php @@ -31,7 +31,6 @@ use Sabre\DAV\ServerPlugin; class BrowserErrorPagePlugin extends ServerPlugin { - /** @var Server */ private $server; @@ -88,8 +87,7 @@ public function logException(\Exception $ex) { /** * @codeCoverageIgnore - * @param \Exception $ex - * @param int $httpCode + * @param \Exception $exception * @return bool|string */ public function generateBody(\Exception $exception) { @@ -109,10 +107,11 @@ public function generateBody(\Exception $exception) { return $content->fetchPage(); } - /* + /** * @codeCoverageIgnore */ public function sendResponse() { $this->server->sapi->sendResponse($this->server->httpResponse); + exit(); } } diff --git a/apps/dav/templates/exception.php b/apps/dav/templates/exception.php index 01c4eea4b5ada..eb53e4f75aa03 100644 --- a/apps/dav/templates/exception.php +++ b/apps/dav/templates/exception.php @@ -6,7 +6,6 @@ ?>

-


t('Technical details')) ?>