mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
[ss-2015-025]: FIX Dont expose class on error
parent
ac4342d81d
commit
53b3bc707b
@ -188,14 +188,14 @@ class RequestHandler extends ViewableData {
|
|||||||
user_error("Non-string method name: " . var_export($action, true), E_USER_ERROR);
|
user_error("Non-string method name: " . var_export($action, true), E_USER_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
$className = get_class($this);
|
$classMessage = Director::isLive() ? 'on this handler' : 'on class '.get_class($this);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
if(!$this->hasAction($action)) {
|
if(!$this->hasAction($action)) {
|
||||||
return $this->httpError(404, "Action '$action' isn't available on class $className.");
|
return $this->httpError(404, "Action '$action' isn't available $classMessage.");
|
||||||
}
|
}
|
||||||
if(!$this->checkAccessAction($action) || in_array(strtolower($action), array('run', 'init'))) {
|
if(!$this->checkAccessAction($action) || in_array(strtolower($action), array('run', 'init'))) {
|
||||||
return $this->httpError(403, "Action '$action' isn't allowed on class $className.");
|
return $this->httpError(403, "Action '$action' isn't allowed $classMessage.");
|
||||||
}
|
}
|
||||||
$result = $this->handleAction($request, $action);
|
$result = $this->handleAction($request, $action);
|
||||||
}
|
}
|
||||||
@ -232,7 +232,7 @@ class RequestHandler extends ViewableData {
|
|||||||
|
|
||||||
// But if we have more content on the URL and we don't know what to do with it, return an error.
|
// But if we have more content on the URL and we don't know what to do with it, return an error.
|
||||||
} else {
|
} else {
|
||||||
return $this->httpError(404, "I can't handle sub-URLs of a $this->class object.");
|
return $this->httpError(404, "I can't handle sub-URLs $classMessage.");
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this;
|
return $this;
|
||||||
@ -276,10 +276,10 @@ class RequestHandler extends ViewableData {
|
|||||||
* @return SS_HTTPResponse
|
* @return SS_HTTPResponse
|
||||||
*/
|
*/
|
||||||
protected function handleAction($request, $action) {
|
protected function handleAction($request, $action) {
|
||||||
$className = get_class($this);
|
$classMessage = Director::isLive() ? 'on this handler' : 'on class '.get_class($this);
|
||||||
|
|
||||||
if(!$this->hasMethod($action)) {
|
if(!$this->hasMethod($action)) {
|
||||||
return new SS_HTTPResponse("Action '$action' isn't available on class $className.", 404);
|
return new SS_HTTPResponse("Action '$action' isn't available $classMessage.", 404);
|
||||||
}
|
}
|
||||||
|
|
||||||
$res = $this->extend('beforeCallActionHandler', $request, $action);
|
$res = $this->extend('beforeCallActionHandler', $request, $action);
|
||||||
|
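Review bot: The live-mode messages still interpolate `$action` into the response body, at the 404 and 403 returns in the first hunk and at the 404 in `handleAction`, so the class name is hidden but a value that appears to come from the request URL is still echoed back; whether it is escaped depends on `httpError()` and `SS_HTTPResponse`, which are not visible here. Consider a fixed message on live sites, e.g. `$message = Director::isLive() ? 'Not found' : "Action '$action' isn't available $classMessage.";`. The `Director::isLive() ? 'on this handler' : 'on class '.get_class($this)` expression is also duplicated in two methods and would be easier to keep consistent as one small protected helper, with a docblock explaining why the class name is withheld on live sites. The sub-URL message in the second hunk relies on `$classMessage` from the first hunk being in the same function scope; that function starts and ends outside the hunks shown, so this is worth confirming.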