[ss-2015-025]: FIX Dont expose class on error

Hamish Friedlander 2015-11-10 11:27:49 +13:00 committed by Damian Mooyman
parent ac4342d81d
commit 53b3bc707b


@ -188,14 +188,14 @@ class RequestHandler extends ViewableData {
user_error("Non-string method name: " . var_export($action, true), E_USER_ERROR); user_error("Non-string method name: " . var_export($action, true), E_USER_ERROR);
} }
$className = get_class($this); $classMessage = Director::isLive() ? 'on this handler' : 'on class '.get_class($this);
try { try {
if(!$this->hasAction($action)) { if(!$this->hasAction($action)) {
return $this->httpError(404, "Action '$action' isn't available on class $className."); return $this->httpError(404, "Action '$action' isn't available $classMessage.");
} }
if(!$this->checkAccessAction($action) || in_array(strtolower($action), array('run', 'init'))) { if(!$this->checkAccessAction($action) || in_array(strtolower($action), array('run', 'init'))) {
return $this->httpError(403, "Action '$action' isn't allowed on class $className."); return $this->httpError(403, "Action '$action' isn't allowed $classMessage.");
} }
$result = $this->handleAction($request, $action); $result = $this->handleAction($request, $action);
} }
@ -232,7 +232,7 @@ class RequestHandler extends ViewableData {
// But if we have more content on the URL and we don't know what to do with it, return an error. // But if we have more content on the URL and we don't know what to do with it, return an error.
} else { } else {
return $this->httpError(404, "I can't handle sub-URLs of a $this->class object."); return $this->httpError(404, "I can't handle sub-URLs $classMessage.");
} }
return $this; return $this;
@ -276,10 +276,10 @@ class RequestHandler extends ViewableData {
* @return SS_HTTPResponse * @return SS_HTTPResponse
*/ */
protected function handleAction($request, $action) { protected function handleAction($request, $action) {
$className = get_class($this); $classMessage = Director::isLive() ? 'on this handler' : 'on class '.get_class($this);
if(!$this->hasMethod($action)) { if(!$this->hasMethod($action)) {
return new SS_HTTPResponse("Action '$action' isn't available on class $className.", 404); return new SS_HTTPResponse("Action '$action' isn't available $classMessage.", 404);
} }
$res = $this->extend('beforeCallActionHandler', $request, $action); $res = $this->extend('beforeCallActionHandler', $request, $action);
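Review bot: The class name is still disclosed whenever `Director::isLive()` is false, so a publicly reachable test or staging site keeps returning `on class <ClassName>` in the 404/403 bodies. If that is intended, a comment at the `$classMessage` assignment should say so, e.g. `// Class name is shown outside live mode only, to aid debugging`. The same ternary is written twice, in the first hunk and again at the top of `handleAction`, so a later change to the disclosure rule has to be made in both places; a small helper such as `protected function classMessage() { return Director::isLive() ? 'on this handler' : 'on class '.get_class($this); }` would keep them in step. The messages also still echo `$action` back to the client, which appears to come from the request URL, so it is worth confirming the error response is served as plain text or escaped. The first two hunks sit inside a method whose signature is not visible here, and `handleAction` continues past the last hunk.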