- Prevent inability to log into the ZMI due to failing exception views

zopefoundation · Apr 29, 2019 · e3c2371 · e3c2371
1 parent ca445a6
commit e3c2371
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -14,6 +14,8 @@ https://github.com/zopefoundation/Zope/blob/4.0a6/CHANGES.rst
 Fixes
 +++++
 
+- Prevent inability to log into the ZMI due to failing exception views
+
 - Hardeded ``RESPONSE.redirect`` to deal with any unencoded or encoded input
   (`#435 <https://github.com/zopefoundation/Zope/issues/435>`_)
 

diff --git a/src/ZPublisher/WSGIPublisher.py b/src/ZPublisher/WSGIPublisher.py
@@ -164,9 +164,13 @@ def transaction_pubevents(request, response, tm=transaction.manager):
             if request.environ.get('x-wsgiorg.throw_errors', False):
                 reraise(*exc_info)
 
-            # Handle exception view
-            exc_view_created = _exc_view_created_response(
-                exc, request, response)
+            # Handle exception view. Make sure an exception view that
+            # blows up doesn't leave the user e.g. unable to log in.
+            try:
+                exc_view_created = _exc_view_created_response(
+                    exc, request, response)
+            except Exception:
+                exc_view_created = False
 
             if isinstance(exc, Unauthorized):
                 # _unauthorized modifies the response in-place. If this hook