Don't print exception messages in html #26460

Merged
merged 2 commits into from Oct 25, 2016

@DeepDiver1975
Member
DeepDiver1975 commented Oct 24, 2016 edited

Related Issue

https://nextcloud.com/security/advisory/?id=nc-sa-2016-011

@DeepDiver1975 DeepDiver1975 Don't print exception messages in html
039ef29
@DeepDiver1975 DeepDiver1975 added this to the 9.2 milestone Oct 24, 2016
@mention-bot

@DeepDiver1975, thanks for your PR! By analyzing the history of the files in this pull request, we identified @LukasReschke to be a potential reviewer.

@@ -6,7 +6,6 @@
?>
<span class="error error-wide">
<h2><strong><?php p($_['title']) ?></strong></h2>
- <p><?php p($_['message']) ?></p>
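Review bot: The `<h2>` above the removed `<p>` still renders `$_['title']`, so this only closes the leak if the title can never carry exception-derived text. Please confirm the caller sets the title to a fixed string and never to a value that may contain paths, queries or user input. With the message line gone the page gives the operator no detail, so it is worth confirming the exception reaches the server log before this template renders. A test that renders the template with a marker string in `message` and asserts the marker is absent from the output would keep this from regressing.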
@PVince81
PVince81 Oct 24, 2016 Collaborator

How about wrapping this in `$_['debugMode']` like the trace below?

@DeepDiver1975
DeepDiver1975 Oct 24, 2016 Member

Not really worth it from my POV - DAV exceptions should not really hit the browser and are logged in the server log anyhow.

@PVince81
PVince81 Oct 24, 2016 Collaborator

Then in that case we can also remove the "Trace" block, because that one doesn't make much sense without the message either.

@DeepDiver1975
DeepDiver1975 Oct 24, 2016 Member

addressed - see dda2132

@DeepDiver1975 DeepDiver1975 Remove any detailed information about the exception in the browser error plugin
dda2132
@PVince81
Collaborator

👍

Please backport

@PVince81 PVince81 merged commit 2064023 into master Oct 25, 2016

4 checks passed

  • Scrutinizer: No new issues
  • continuous-integration/jenkins/pr-head: This commit looks good
  • continuous-integration/travis-ci/pr: The Travis CI build passed
  • licence/cla: Contributor License Agreement is signed.
@PVince81 PVince81 deleted the throw-exceptions-not-printable branch Oct 25, 2016
@DeepDiver1975 DeepDiver1975 self-assigned this Oct 25, 2016
@DeepDiver1975 DeepDiver1975 added a commit that referenced this pull request Oct 25, 2016
@PVince81 @DeepDiver1975 PVince81 + DeepDiver1975 [stable9.1] Merge pull request #26460 from owncloud/throw-exceptions-not-printable

Don't print exception messages in html
96b8afe
@PVince81
Collaborator

@DeepDiver1975 stable9 and further?

@PVince81
Collaborator

stable9: #26485
