From 53b3bc707bcccb8f5e5060f85ab1398a0975bba2 Mon Sep 17 00:00:00 2001
From: Hamish Friedlander
Date: Tue, 10 Nov 2015 11:27:49 +1300
Subject: [PATCH] [ss-2015-025]: FIX Dont expose class on error
---
 control/RequestHandler.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/control/RequestHandler.php b/control/RequestHandler.php
index 06604c914..e8fe96164 100644
--- a/control/RequestHandler.php
+++ b/control/RequestHandler.php
@@ -188,14 +188,14 @@ class RequestHandler extends ViewableData {
 user_error("Non-string method name: " . var_export($action, true), E_USER_ERROR);
 }
- $className = get_class($this);
+ $classMessage = Director::isLive() ? 'on this handler' : 'on class '.get_class($this);
 try {
 if(!$this->hasAction($action)) {
- return $this->httpError(404, "Action '$action' isn't available on class $className.");
+ return $this->httpError(404, "Action '$action' isn't available $classMessage.");
 }
 if(!$this->checkAccessAction($action) || in_array(strtolower($action), array('run', 'init'))) {
- return $this->httpError(403, "Action '$action' isn't allowed on class $className.");
+ return $this->httpError(403, "Action '$action' isn't allowed $classMessage.");
 }
 $result = $this->handleAction($request, $action);
 }
@@ -232,7 +232,7 @@ class RequestHandler extends ViewableData {
 // But if we have more content on the URL and we don't know what to do with it, return an error.
 } else {
- return $this->httpError(404, "I can't handle sub-URLs of a $this->class object.");
+ return $this->httpError(404, "I can't handle sub-URLs $classMessage.");
 }
 return $this;
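Review bot: The class name is hidden only when `Director::isLive()` is true, so a site running in test mode still returns it in the 404 and 403 bodies of the first hunk, and staging hosts are often reachable from outside. Gating on the development environment instead fails closed: `$classMessage = Director::isDev() ? 'on class '.get_class($this) : 'on this handler';`. The same assignment is repeated in the handleAction hunk further down and would need the same change; a small protected helper returning this string would keep the two copies from drifting apart. The enclosing method starts and ends outside the hunk.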
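Review bot: The 404 in the `else` branch of the second hunk now depends on `$classMessage`, which is assigned roughly forty lines earlier in the first hunk; the code in between is not shown, so it is worth confirming that every path into this branch passes that assignment. If one does not, PHP raises an undefined-variable notice and the body reads "I can't handle sub-URLs ." with no wording at all. A comment at the assignment such as `// also used by the sub-URL 404 further down` would make the dependency visible to the next editor.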
@@ -276,10 +276,10 @@ class RequestHandler extends ViewableData {
 * @return SS_HTTPResponse
 */
 protected function handleAction($request, $action) {
- $className = get_class($this);
+ $classMessage = Director::isLive() ? 'on this handler' : 'on class '.get_class($this);
 if(!$this->hasMethod($action)) {
- return new SS_HTTPResponse("Action '$action' isn't available on class $className.", 404);
+ return new SS_HTTPResponse("Action '$action' isn't available $classMessage.", 404);
 }
 $res = $this->extend('beforeCallActionHandler', $request, $action);
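Review bot: `$action` is still interpolated unescaped into the body of `new SS_HTTPResponse(...)`, and it appears to originate from the request path. The content type this response is sent with is not visible in the hunk; if it is HTML, the value should be encoded first, for example `Convert::raw2xml($action)`, or left out of the live message in the same way as the class name. The `httpError()` messages in handleRequest interpolate `$action` the same way and deserve the same check. handleAction's body continues past the end of the hunk.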