mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 12:05:37 +00:00
FIX Prevent DOS by checking for env and admin on ?flush=1 (#1692)
This commit is contained in:
parent
d9b0d14ee9
commit
1298d4a5bd
121
core/startup/ErrorControlChain.php
Normal file
121
core/startup/ErrorControlChain.php
Normal file
@ -0,0 +1,121 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Class ErrorControlChain
|
||||||
|
*
|
||||||
|
* Runs a set of steps, optionally suppressing (but recording) any errors (even fatal ones) that occur in each step.
|
||||||
|
* If an error does occur, subsequent steps are normally skipped, but can optionally be run anyway
|
||||||
|
*
|
||||||
|
* Normal errors are suppressed even past the end of the chain. Fatal errors are only suppressed until the end
|
||||||
|
* of the chain - the request will then die silently.
|
||||||
|
*
|
||||||
|
* The exception is if an error occurs and BASE_URL is not yet set - in that case the error is never suppressed.
|
||||||
|
*
|
||||||
|
* Usage:
|
||||||
|
*
|
||||||
|
* $chain = new ErrorControlChain();
|
||||||
|
* $chain->then($callback1)->then($callback2)->then(true, $callback3)->execute();
|
||||||
|
*
|
||||||
|
* WARNING: This class is experimental and designed specifically for use pre-startup in main.php
|
||||||
|
* It will likely be heavily refactored before the release of 3.2
|
||||||
|
*/
|
||||||
|
class ErrorControlChain {
|
||||||
|
protected $error = false;
|
||||||
|
protected $steps = array();
|
||||||
|
|
||||||
|
protected $suppression = true;
|
||||||
|
|
||||||
|
/** We can't unregister_shutdown_function, so this acts as a flag to enable handling */
|
||||||
|
protected $handleFatalErrors = false;
|
||||||
|
|
||||||
|
public function hasErrored() {
|
||||||
|
return $this->error;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function setErrored($error) {
|
||||||
|
$this->error = (bool)$error;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function setSuppression($suppression) {
|
||||||
|
$this->suppression = (bool)$suppression;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Add this callback to the chain of callbacks to call along with the state
|
||||||
|
* that $error must be in this point in the chain for the callback to be called
|
||||||
|
*
|
||||||
|
* @param $callback - The callback to call
|
||||||
|
* @param $onErrorState - false if only call if no errors yet, true if only call if already errors, null for either
|
||||||
|
* @return $this
|
||||||
|
*/
|
||||||
|
public function then($callback, $onErrorState = false) {
|
||||||
|
$this->steps[] = array(
|
||||||
|
'callback' => $callback,
|
||||||
|
'onErrorState' => $onErrorState
|
||||||
|
);
|
||||||
|
return $this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function thenWhileGood($callback) {
|
||||||
|
return $this->then($callback, false);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function thenIfErrored($callback) {
|
||||||
|
return $this->then($callback, true);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function thenAlways($callback) {
|
||||||
|
return $this->then($callback, null);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function handleError() {
|
||||||
|
if ($this->suppression && defined('BASE_URL')) throw new Exception('Generic Error');
|
||||||
|
else return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function lastErrorWasFatal() {
|
||||||
|
$error = error_get_last();
|
||||||
|
return $error && $error['type'] == 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function handleFatalError() {
|
||||||
|
if ($this->handleFatalErrors && $this->suppression && defined('BASE_URL')) {
|
||||||
|
if ($this->lastErrorWasFatal()) {
|
||||||
|
ob_clean();
|
||||||
|
$this->error = true;
|
||||||
|
$this->step();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public function execute() {
|
||||||
|
set_error_handler(array($this, 'handleError'), error_reporting());
|
||||||
|
register_shutdown_function(array($this, 'handleFatalError'));
|
||||||
|
$this->handleFatalErrors = true;
|
||||||
|
|
||||||
|
$this->step();
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function step() {
|
||||||
|
if ($this->steps) {
|
||||||
|
$step = array_shift($this->steps);
|
||||||
|
|
||||||
|
if ($step['onErrorState'] === null || $step['onErrorState'] === $this->error) {
|
||||||
|
try {
|
||||||
|
call_user_func($step['callback'], $this);
|
||||||
|
}
|
||||||
|
catch (Exception $e) {
|
||||||
|
if ($this->suppression && defined('BASE_URL')) $this->error = true;
|
||||||
|
else throw $e;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->step();
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// Now clean up
|
||||||
|
$this->handleFatalErrors = false;
|
||||||
|
restore_error_handler();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
113
core/startup/ParameterConfirmationToken.php
Normal file
113
core/startup/ParameterConfirmationToken.php
Normal file
@ -0,0 +1,113 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Class ParameterConfirmationToken
|
||||||
|
*
|
||||||
|
* When you need to use a dangerous GET parameter that needs to be set before core/Core.php is
|
||||||
|
* established, this class takes care of allowing some other code of confirming the parameter,
|
||||||
|
* by generating a one-time-use token & redirecting with that token included in the redirected URL
|
||||||
|
*
|
||||||
|
* WARNING: This class is experimental and designed specifically for use pre-startup in main.php
|
||||||
|
* It will likely be heavily refactored before the release of 3.2
|
||||||
|
*/
|
||||||
|
class ParameterConfirmationToken {
|
||||||
|
protected $parameterName = null;
|
||||||
|
protected $parameter = null;
|
||||||
|
protected $token = null;
|
||||||
|
|
||||||
|
protected function pathForToken($token) {
|
||||||
|
if (defined('BASE_PATH')) {
|
||||||
|
$basepath = BASE_PATH;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$basepath = rtrim(dirname(dirname(dirname(dirname(__FILE__)))), DIRECTORY_SEPARATOR);
|
||||||
|
}
|
||||||
|
|
||||||
|
require_once('core/TempPath.php');
|
||||||
|
$tempfolder = getTempFolder($basepath ? $basepath : DIRECTORY_SEPARATOR);
|
||||||
|
|
||||||
|
return $tempfolder.'/token_'.preg_replace('/[^a-z0-9]+/', '', $token);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function genToken() {
|
||||||
|
// Generate a new random token (as random as possible)
|
||||||
|
require_once('security/RandomGenerator.php');
|
||||||
|
$rg = new RandomGenerator();
|
||||||
|
$token = $rg->randomToken('md5');
|
||||||
|
|
||||||
|
// Store a file in the session save path (safer than /tmp, as open_basedir might limit that)
|
||||||
|
file_put_contents($this->pathForToken($token), $token);
|
||||||
|
|
||||||
|
return $token;
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function checkToken($token) {
|
||||||
|
$file = $this->pathForToken($token);
|
||||||
|
$content = null;
|
||||||
|
|
||||||
|
if (file_exists($file)) {
|
||||||
|
$content = file_get_contents($file);
|
||||||
|
unlink($file);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $content == $token;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function __construct($parameterName) {
|
||||||
|
// Store the parameter name
|
||||||
|
$this->parameterName = $parameterName;
|
||||||
|
// Store the parameter value
|
||||||
|
$this->parameter = isset($_GET[$parameterName]) ? $_GET[$parameterName] : null;
|
||||||
|
// Store the token
|
||||||
|
$this->token = isset($_GET[$parameterName.'token']) ? $_GET[$parameterName.'token'] : null;
|
||||||
|
|
||||||
|
// If a token was provided, but isn't valid, just throw a 403
|
||||||
|
if ($this->token && (!$this->checkToken($this->token))) {
|
||||||
|
header("HTTP/1.0 403 Forbidden", true, 403);
|
||||||
|
die;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public function parameterProvided() {
|
||||||
|
return $this->parameter !== null;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function tokenProvided() {
|
||||||
|
return $this->token !== null;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function params() {
|
||||||
|
return array(
|
||||||
|
$this->parameterName => $this->parameter,
|
||||||
|
$this->parameterName.'token' => $this->genToken()
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function reloadWithToken() {
|
||||||
|
global $url;
|
||||||
|
|
||||||
|
// Are we http or https?
|
||||||
|
$proto = 'http';
|
||||||
|
|
||||||
|
if(isset($_SERVER['HTTP_X_FORWARDED_PROTOCOL'])) {
|
||||||
|
if(strtolower($_SERVER['HTTP_X_FORWARDED_PROTOCOL']) == 'https') $proto = 'https';
|
||||||
|
}
|
||||||
|
|
||||||
|
if((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')) $proto = 'https';
|
||||||
|
if(isset($_SERVER['SSL'])) $proto = 'https';
|
||||||
|
|
||||||
|
// What's our host
|
||||||
|
$host = $_SERVER['HTTP_HOST'];
|
||||||
|
|
||||||
|
// What's our GET params (ensuring they include the original parameter + a new token)
|
||||||
|
$params = array_merge($_GET, $this->params());
|
||||||
|
unset($params['url']);
|
||||||
|
|
||||||
|
// Join them all together into the original URL
|
||||||
|
$location = "$proto://" . $host . BASE_URL . $url . ($params ? '?'.http_build_query($params) : '');
|
||||||
|
|
||||||
|
// And redirect
|
||||||
|
header('location: '.$location, true, 302);
|
||||||
|
die;
|
||||||
|
}
|
||||||
|
}
|
@ -1,5 +1,32 @@
|
|||||||
# 3.0.6 (Not yet released)
|
# 3.0.6 (Not yet released)
|
||||||
|
|
||||||
|
## Overview
|
||||||
|
|
||||||
|
* Security: Require ADMIN for `?flush=1` (stop denial of service attacks)
|
||||||
|
([#1692](https://github.com/silverstripe/silverstripe-framework/issues/1692))
|
||||||
|
|
||||||
|
## Details
|
||||||
|
|
||||||
|
### Security: Require ADMIN for ?flush=1
|
||||||
|
|
||||||
|
Flushing the various manifests (class, template, config) is performed through a GET
|
||||||
|
parameter (`flush=1`). Since this action requires more server resources than normal requests,
|
||||||
|
it can facilitate [denial-of-service attacks](https://en.wikipedia.org/wiki/Denial-of-service_attack).
|
||||||
|
|
||||||
|
To prevent this, main.php now checks and only allows the flush parameter in the following cases:
|
||||||
|
|
||||||
|
* The [environment](/topics/environment-management) is in "dev mode"
|
||||||
|
* A user is logged in with ADMIN permissions
|
||||||
|
* An error occurs during startup
|
||||||
|
|
||||||
|
This applies to both `flush=1` and `flush=all` (technically we only check for the existence of any parameter value)
|
||||||
|
but only through web requests made through main.php - CLI requests, or any other request that goes through
|
||||||
|
a custom start up script will still process all flush requests as normal.
|
||||||
|
|
||||||
## Upgrading
|
## Upgrading
|
||||||
|
|
||||||
* If you have created your own composite database fields, then you shoulcd amend the setValue() to allow the passing of an object (usually DataObject) as well as an array.
|
* If you have created your own composite database fields, then you should amend the setValue() to allow the passing of
|
||||||
|
an object (usually DataObject) as well as an array.
|
||||||
|
|
||||||
|
* If you have provided your own startup scripts (ones that include core/Core.php) that can be accessed via a web
|
||||||
|
request, you should ensure that you limit use of the flush parameter
|
||||||
|
@ -17,10 +17,8 @@ Append the option and corresponding value to your URL in your browser's address
|
|||||||
|
|
||||||
| URL Variable | | Values | | Description |
|
| URL Variable | | Values | | Description |
|
||||||
| ------------ | | ------ | | ----------- |
|
| ------------ | | ------ | | ----------- |
|
||||||
| flush | | 1,all | | This will clear out all cached information about the page. This is used frequently during development - for example, when adding new PHP or SS files. See below for value descriptions. |
|
| flush=1 | | 1 | | Clears out all caches. Used mainly during development, e.g. when adding new classes or templates. Requires "dev" mode or ADMIN login |
|
||||||
| showtemplate | | 1 | | Show the compiled version of all the templates used, including line numbers. Good when you have a syntax error in a template. Cannot be used on a Live site without **isDev**. **flush** can be used with the following values: |
|
| showtemplate | | 1 | | Show the compiled version of all the templates used, including line numbers. Good when you have a syntax error in a template. Cannot be used on a Live site without **isDev**. **flush** can be used with the following values: |
|
||||||
| ?flush=1 | | | | Flushes the current page and included templates |
|
|
||||||
| ?flush=all | | | | Flushes the entire template cache |
|
|
||||||
|
|
||||||
## General Testing
|
## General Testing
|
||||||
|
|
||||||
|
26
docs/en/topics/caching.md
Normal file
26
docs/en/topics/caching.md
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
# Caching
|
||||||
|
|
||||||
|
## Built-In Caches
|
||||||
|
|
||||||
|
The framework uses caches to store infrequently changing values.
|
||||||
|
By default, the storage mechanism is simply the filesystem, although
|
||||||
|
other cache backends can be configured. All caches use the `[api:SS_Cache]` API.
|
||||||
|
|
||||||
|
The most common caches are manifests of various resources:
|
||||||
|
|
||||||
|
* PHP class locations (`[api:SS_ClassManifest]`)
|
||||||
|
* Template file locations and compiled templates (`[api:SS_TemplateManifest]`)
|
||||||
|
* Configuration settings from YAML files (`[api:SS_ConfigManifest]`)
|
||||||
|
* Language files (`[api:i18n]`)
|
||||||
|
|
||||||
|
Flushing the various manifests is performed through a GET
|
||||||
|
parameter (`flush=1`). Since this action requires more server resources than normal requests,
|
||||||
|
executing the action is limited to the following cases when performed via a web request:
|
||||||
|
|
||||||
|
* The [environment](/topics/environment-management) is in "dev mode"
|
||||||
|
* A user is logged in with ADMIN permissions
|
||||||
|
* An error occurs during startup
|
||||||
|
|
||||||
|
## Custom Caches
|
||||||
|
|
||||||
|
See `[api:SS_Cache]`.
|
@ -4,6 +4,7 @@ This section provides an overview on how things fit together, the "conceptual gl
|
|||||||
It is where most documentation should live, and is the natural "second step" after finishing the tutorials.
|
It is where most documentation should live, and is the natural "second step" after finishing the tutorials.
|
||||||
|
|
||||||
* [Access Control and Page Security](access-control): Restricting access and setting up permissions on your website
|
* [Access Control and Page Security](access-control): Restricting access and setting up permissions on your website
|
||||||
|
* [Caching](caching): Explains built-in caches for classes, config and templates. How to use your own caches.
|
||||||
* [Command line Usage](commandline): Calling controllers via the command line interface using `sake`
|
* [Command line Usage](commandline): Calling controllers via the command line interface using `sake`
|
||||||
* [Configuring your website](configuration): How to configure the `_config.php` file
|
* [Configuring your website](configuration): How to configure the `_config.php` file
|
||||||
* [Controller](controller): The intermediate layer between your templates and the data model
|
* [Controller](controller): The intermediate layer between your templates and the data model
|
||||||
|
139
main.php
139
main.php
@ -59,44 +59,108 @@ if (version_compare(phpversion(), '5.3.2', '<')) {
|
|||||||
/**
|
/**
|
||||||
* Include SilverStripe's core code
|
* Include SilverStripe's core code
|
||||||
*/
|
*/
|
||||||
require_once('core/Core.php');
|
require_once('core/startup/ErrorControlChain.php');
|
||||||
|
require_once('core/startup/ParameterConfirmationToken.php');
|
||||||
|
|
||||||
// IIS will sometimes generate this.
|
$chain = new ErrorControlChain();
|
||||||
if(!empty($_SERVER['HTTP_X_ORIGINAL_URL'])) {
|
$token = new ParameterConfirmationToken('flush');
|
||||||
$_SERVER['REQUEST_URI'] = $_SERVER['HTTP_X_ORIGINAL_URL'];
|
|
||||||
}
|
|
||||||
|
|
||||||
// Apache rewrite rules use this
|
$chain
|
||||||
if (isset($_GET['url'])) {
|
// First, if $_GET['flush'] was set, but no valid token, suppress the flush
|
||||||
$url = $_GET['url'];
|
->then(function($chain) use ($token){
|
||||||
// IIS includes get variables in url
|
if (isset($_GET['flush']) && !$token->tokenProvided()) {
|
||||||
$i = strpos($url, '?');
|
unset($_GET['flush']);
|
||||||
if($i !== false) {
|
}
|
||||||
$url = substr($url, 0, $i);
|
else {
|
||||||
}
|
$chain->setSuppression(false);
|
||||||
|
}
|
||||||
// Lighttpd uses this
|
})
|
||||||
} else {
|
// Then load in core
|
||||||
if(strpos($_SERVER['REQUEST_URI'],'?') !== false) {
|
->then(function(){
|
||||||
list($url, $query) = explode('?', $_SERVER['REQUEST_URI'], 2);
|
require_once('core/Core.php');
|
||||||
parse_str($query, $_GET);
|
})
|
||||||
if ($_GET) $_REQUEST = array_merge((array)$_REQUEST, (array)$_GET);
|
// Then build the URL (even if Core didn't load beyond setting BASE_URL)
|
||||||
} else {
|
->thenAlways(function(){
|
||||||
$url = $_SERVER["REQUEST_URI"];
|
global $url;
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Remove base folders from the URL if webroot is hosted in a subfolder
|
// IIS will sometimes generate this.
|
||||||
if (substr(strtolower($url), 0, strlen(BASE_URL)) == strtolower(BASE_URL)) $url = substr($url, strlen(BASE_URL));
|
if(!empty($_SERVER['HTTP_X_ORIGINAL_URL'])) {
|
||||||
|
$_SERVER['REQUEST_URI'] = $_SERVER['HTTP_X_ORIGINAL_URL'];
|
||||||
|
}
|
||||||
|
|
||||||
if (isset($_GET['debug_profile'])) {
|
// Apache rewrite rules use this
|
||||||
Profiler::init();
|
if (isset($_GET['url'])) {
|
||||||
Profiler::mark('all_execution');
|
$url = $_GET['url'];
|
||||||
Profiler::mark('main.php init');
|
// IIS includes get variables in url
|
||||||
}
|
$i = strpos($url, '?');
|
||||||
|
if($i !== false) {
|
||||||
|
$url = substr($url, 0, $i);
|
||||||
|
}
|
||||||
|
|
||||||
// Connect to database
|
// Lighttpd uses this
|
||||||
require_once('model/DB.php');
|
} else {
|
||||||
|
if(strpos($_SERVER['REQUEST_URI'],'?') !== false) {
|
||||||
|
list($url, $query) = explode('?', $_SERVER['REQUEST_URI'], 2);
|
||||||
|
parse_str($query, $_GET);
|
||||||
|
if ($_GET) $_REQUEST = array_merge((array)$_REQUEST, (array)$_GET);
|
||||||
|
} else {
|
||||||
|
$url = $_SERVER["REQUEST_URI"];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Remove base folders from the URL if webroot is hosted in a subfolder
|
||||||
|
if (substr(strtolower($url), 0, strlen(BASE_URL)) == strtolower(BASE_URL)) $url = substr($url, strlen(BASE_URL));
|
||||||
|
})
|
||||||
|
// Then start up the database
|
||||||
|
->then(function(){
|
||||||
|
if (isset($_GET['debug_profile'])) {
|
||||||
|
Profiler::init();
|
||||||
|
Profiler::mark('all_execution');
|
||||||
|
Profiler::mark('main.php init');
|
||||||
|
}
|
||||||
|
|
||||||
|
require_once('model/DB.php');
|
||||||
|
global $databaseConfig;
|
||||||
|
|
||||||
|
if (isset($_GET['debug_profile'])) Profiler::mark('DB::connect');
|
||||||
|
if ($databaseConfig) DB::connect($databaseConfig);
|
||||||
|
if (isset($_GET['debug_profile'])) Profiler::unmark('DB::connect');
|
||||||
|
})
|
||||||
|
// Then if a flush was requested, redirect to it
|
||||||
|
->then(function($chain) use ($token){
|
||||||
|
if ($token->parameterProvided() && !$token->tokenProvided()) {
|
||||||
|
// First, check if we're in dev mode, or the database doesn't have any security data
|
||||||
|
$canFlush = Director::isDev() || !Security::database_is_ready();
|
||||||
|
|
||||||
|
// Otherwise, we start up the session if needed, then check for admin
|
||||||
|
if (!$canFlush) {
|
||||||
|
if(!isset($_SESSION) && (isset($_COOKIE[session_name()]) || isset($_REQUEST[session_name()]))) {
|
||||||
|
Session::start();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (Permission::check('ADMIN')) {
|
||||||
|
$canFlush = true;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$loginPage = Director::absoluteURL(Config::inst()->get('Security', 'login_url'));
|
||||||
|
$loginPage .= "?BackURL=" . urlencode($_SERVER['REQUEST_URI']);
|
||||||
|
|
||||||
|
header('location: '.$loginPage, true, 302);
|
||||||
|
die;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// And if we can flush, reload with an authority token
|
||||||
|
if ($canFlush) $token->reloadWithToken();
|
||||||
|
}
|
||||||
|
})
|
||||||
|
// Finally if a flush was requested but there was an error while figuring out if it's allowed, do it anyway
|
||||||
|
->thenIfErrored(function() use ($token){
|
||||||
|
if ($token->parameterProvided() && !$token->tokenProvided()) {
|
||||||
|
$token->reloadWithToken();
|
||||||
|
}
|
||||||
|
})
|
||||||
|
->execute();
|
||||||
|
|
||||||
// Redirect to the installer if no database is selected
|
// Redirect to the installer if no database is selected
|
||||||
if(!isset($databaseConfig) || !isset($databaseConfig['database']) || !$databaseConfig['database']) {
|
if(!isset($databaseConfig) || !isset($databaseConfig['database']) || !$databaseConfig['database']) {
|
||||||
@ -105,22 +169,17 @@ if(!isset($databaseConfig) || !isset($databaseConfig['database']) || !$databaseC
|
|||||||
}
|
}
|
||||||
$s = (isset($_SERVER['SSL']) || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')) ? 's' : '';
|
$s = (isset($_SERVER['SSL']) || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')) ? 's' : '';
|
||||||
$installURL = "http$s://" . $_SERVER['HTTP_HOST'] . BASE_URL . '/install.php';
|
$installURL = "http$s://" . $_SERVER['HTTP_HOST'] . BASE_URL . '/install.php';
|
||||||
|
|
||||||
// The above dirname() will equate to "\" on Windows when installing directly from http://localhost (not using
|
// The above dirname() will equate to "\" on Windows when installing directly from http://localhost (not using
|
||||||
// a sub-directory), this really messes things up in some browsers. Let's get rid of the backslashes
|
// a sub-directory), this really messes things up in some browsers. Let's get rid of the backslashes
|
||||||
$installURL = str_replace('\\', '', $installURL);
|
$installURL = str_replace('\\', '', $installURL);
|
||||||
|
|
||||||
header("Location: $installURL");
|
header("Location: $installURL");
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($_GET['debug_profile'])) Profiler::mark('DB::connect');
|
|
||||||
DB::connect($databaseConfig);
|
|
||||||
if (isset($_GET['debug_profile'])) Profiler::unmark('DB::connect');
|
|
||||||
|
|
||||||
if (isset($_GET['debug_profile'])) Profiler::unmark('main.php init');
|
if (isset($_GET['debug_profile'])) Profiler::unmark('main.php init');
|
||||||
|
|
||||||
|
|
||||||
// Direct away - this is the "main" function, that hands control to the appropriate controller
|
// Direct away - this is the "main" function, that hands control to the appropriate controller
|
||||||
DataModel::set_inst(new DataModel());
|
DataModel::set_inst(new DataModel());
|
||||||
Director::direct($url, DataModel::inst());
|
Director::direct($url, DataModel::inst());
|
||||||
|
90
tests/core/startup/ErrorControlChainTest.php
Normal file
90
tests/core/startup/ErrorControlChainTest.php
Normal file
@ -0,0 +1,90 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
class ErrorControlChainTest extends SapphireTest {
|
||||||
|
|
||||||
|
function testErrorSuppression() {
|
||||||
|
$chain = new ErrorControlChain();
|
||||||
|
|
||||||
|
$chain
|
||||||
|
->then(function(){
|
||||||
|
user_error('This error should be suppressed', E_USER_ERROR);
|
||||||
|
})
|
||||||
|
->execute();
|
||||||
|
|
||||||
|
$this->assertTrue($chain->hasErrored());
|
||||||
|
}
|
||||||
|
|
||||||
|
function testMultipleErrorSuppression() {
|
||||||
|
$chain = new ErrorControlChain();
|
||||||
|
|
||||||
|
$chain
|
||||||
|
->then(function(){
|
||||||
|
user_error('This error should be suppressed', E_USER_ERROR);
|
||||||
|
})
|
||||||
|
->thenAlways(function(){
|
||||||
|
user_error('This error should also be suppressed', E_USER_ERROR);
|
||||||
|
})
|
||||||
|
->execute();
|
||||||
|
|
||||||
|
$this->assertTrue($chain->hasErrored());
|
||||||
|
}
|
||||||
|
|
||||||
|
function testExceptionSuppression() {
|
||||||
|
$chain = new ErrorControlChain();
|
||||||
|
|
||||||
|
$chain
|
||||||
|
->then(function(){
|
||||||
|
throw new Exception('This exception should be suppressed');
|
||||||
|
})
|
||||||
|
->execute();
|
||||||
|
|
||||||
|
$this->assertTrue($chain->hasErrored());
|
||||||
|
}
|
||||||
|
|
||||||
|
function testMultipleExceptionSuppression() {
|
||||||
|
$chain = new ErrorControlChain();
|
||||||
|
|
||||||
|
$chain
|
||||||
|
->then(function(){
|
||||||
|
throw new Exception('This exception should be suppressed');
|
||||||
|
})
|
||||||
|
->thenAlways(function(){
|
||||||
|
throw new Exception('This exception should also be suppressed');
|
||||||
|
})
|
||||||
|
->execute();
|
||||||
|
|
||||||
|
$this->assertTrue($chain->hasErrored());
|
||||||
|
}
|
||||||
|
|
||||||
|
function testErrorControl() {
|
||||||
|
$preError = $postError = array('then' => false, 'thenIfErrored' => false, 'thenAlways' => false);
|
||||||
|
|
||||||
|
$chain = new ErrorControlChain();
|
||||||
|
|
||||||
|
$chain
|
||||||
|
->then(function() use (&$preError) { $preError['then'] = true; })
|
||||||
|
->thenIfErrored(function() use (&$preError) { $preError['thenIfErrored'] = true; })
|
||||||
|
->thenAlways(function() use (&$preError) { $preError['thenAlways'] = true; })
|
||||||
|
|
||||||
|
->then(function(){ user_error('An error', E_USER_ERROR); })
|
||||||
|
|
||||||
|
->then(function() use (&$postError) { $postError['then'] = true; })
|
||||||
|
->thenIfErrored(function() use (&$postError) { $postError['thenIfErrored'] = true; })
|
||||||
|
->thenAlways(function() use (&$postError) { $postError['thenAlways'] = true; })
|
||||||
|
|
||||||
|
->execute();
|
||||||
|
|
||||||
|
$this->assertEquals(
|
||||||
|
array('then' => true, 'thenIfErrored' => false, 'thenAlways' => true),
|
||||||
|
$preError,
|
||||||
|
'Then and thenAlways callbacks called before error, thenIfErrored callback not called'
|
||||||
|
);
|
||||||
|
|
||||||
|
$this->assertEquals(
|
||||||
|
array('then' => false, 'thenIfErrored' => true, 'thenAlways' => true),
|
||||||
|
$postError,
|
||||||
|
'thenIfErrored and thenAlways callbacks called after error, then callback not called'
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
Loading…
x
Reference in New Issue
Block a user