Add more detailed ERR_* error codes to common error messages

가장 많이 발생하는 '잘못된 요청입니다', '보안정책상 허용되지 않습니다'
오류에 좀더 구체적인 ERR_* 코드를 추가하여 디버깅 편의 개선
Kijin Sung 2022-10-13 00:23:15 +09:00
parent b1eee629a2
commit e4e252c1b4
3 changed files with 25 additions and 24 deletions


@ -22,6 +22,7 @@ class ModuleHandler extends Handler
var $entry = null;
var $route = null;
var $error = null;
var $error_detail = null;
var $is_mobile = false;
var $httpStatusCode = 200;
@ -161,6 +162,7 @@ class ModuleHandler extends Handler
if($this->route && $this->route->status > 200)
{
$this->error = 'msg_module_is_not_exists';
$this->error_detail = 'ERR_ROUTE_NOT_FOUND';
$this->httpStatusCode = 404;
return true;
}
@ -273,6 +275,7 @@ class ModuleHandler extends Handler
if(!$this->module)
{
$this->error = 'msg_module_is_not_exists';
$this->error_detail = 'ERR_MODULE_NOT_FOUND';
$this->httpStatusCode = 404;
return true;
}
@ -309,7 +312,7 @@ class ModuleHandler extends Handler
// If error occurred while preparation, return a message instance
if($this->error)
{
return self::_createErrorMessage(-1, $this->error, $this->httpStatusCode);
return self::_createErrorMessage(-1, $this->error, $this->httpStatusCode, $this->error_detail);
}
// Get action information with conf/module.xml
@ -333,7 +336,7 @@ class ModuleHandler extends Handler
// still no act means error
if(!$this->act)
{
return self::_createErrorMessage(-1, 'msg_module_is_not_exists', 404);
return self::_createErrorMessage(-1, 'msg_module_is_not_exists', 404, 'ERR_NO_DEFAULT_ACT');
}
// get type, kind
@ -367,7 +370,7 @@ class ModuleHandler extends Handler
{
if(isset($xml_info->action->{$this->act}) && $xml_info->action->{$this->act}->check_csrf !== 'false' && !checkCSRF())
{
return self::_createErrorMessage(-1, 'msg_security_violation');
return self::_createErrorMessage(-1, 'msg_security_violation', 403, 'ERR_CSRF_CHECK_FAILED');
}
}
@ -376,11 +379,11 @@ class ModuleHandler extends Handler
{
if($xml_info->action->{$this->act}->standalone === 'auto' && (!$this->module && !$this->mid))
{
return self::_createErrorMessage(-1, 'msg_invalid_request');
return self::_createErrorMessage(-1, 'msg_invalid_request', 403, 'ERR_ACT_IS_NOT_STANDALONE');
}
if($xml_info->action->{$this->act}->standalone === 'false' && !$this->mid)
{
return self::_createErrorMessage(-1, 'msg_invalid_request');
return self::_createErrorMessage(-1, 'msg_invalid_request', 403, 'ERR_ACT_IS_NOT_STANDALONE');
}
}
@ -446,7 +449,7 @@ class ModuleHandler extends Handler
// If the base module is not found, return an error now.
if (!isset($oModule) || !is_object($oModule))
{
return self::_createErrorMessage(-1, 'msg_module_is_not_exists', 404);
return self::_createErrorMessage(-1, 'msg_module_class_not_found', 404);
}
// If there is no such action in the module object
@ -454,7 +457,7 @@ class ModuleHandler extends Handler
{
if(!Context::isInstalled())
{
return self::_createErrorMessage(-1, 'msg_invalid_request');
return self::_createErrorMessage(-1, 'msg_invalid_request', 403, 'ERR_NOT_FORWARDABLE');
}
// 1. Look for the module with action name
@ -465,15 +468,15 @@ class ModuleHandler extends Handler
if(!isset($xml_info->action->{$this->act}))
{
return self::_createErrorMessage(-1, 'msg_invalid_request');
return self::_createErrorMessage(-1, 'msg_invalid_request', 403, 'ERR_ACT_NOT_FOUND');
}
elseif ($xml_info->action->{$this->act}->standalone === 'auto' && $this->module !== 'admin' && $this->module !== $module)
{
return self::_createErrorMessage(-1, 'msg_invalid_request');
return self::_createErrorMessage(-1, 'msg_invalid_request', 403, 'ERR_ACT_IS_NOT_STANDALONE');
}
elseif ($xml_info->action->{$this->act}->standalone === 'false' && $this->module !== 'admin')
{
return self::_createErrorMessage(-1, 'msg_invalid_request');
return self::_createErrorMessage(-1, 'msg_invalid_request', 403, 'ERR_ACT_IS_NOT_STANDALONE');
}
else
{
@ -527,7 +530,7 @@ class ModuleHandler extends Handler
{
if($xml_info->action->{$this->act} && $xml_info->action->{$this->act}->check_csrf !== 'false' && !checkCSRF())
{
return self::_createErrorMessage(-1, 'msg_security_violation');
return self::_createErrorMessage(-1, 'msg_security_violation', 403, 'ERR_CSRF_CHECK_FAILED');
}
}
@ -564,7 +567,7 @@ class ModuleHandler extends Handler
if(!is_object($oModule))
{
return self::_createErrorMessage(-1, 'msg_module_is_not_exists', 404);
return self::_createErrorMessage(-1, 'msg_module_class_not_found', 404);
}
// Admin page layout
@ -934,9 +937,8 @@ class ModuleHandler extends Handler
/**
* Create a message module instance with an error message.
*/
protected static function _createErrorMessage($error, $message, $status_code = 403, $location = null)
protected static function _createErrorMessage($error, $message, $status_code = 403, $detail = '', $location = null)
{
$display_mode = Mobile::isFromMobilePhone() ? 'mobile' : 'view';
if (!$location)
{
$backtrace = debug_backtrace(false);
@ -945,11 +947,11 @@ class ModuleHandler extends Handler
}
self::_setInputErrorToContext();
$oMessageObject = self::getModuleInstance('message', $display_mode);
$oMessageObject = MessageView::getInstance();
$oMessageObject->setError($error);
$oMessageObject->setMessage($message);
$oMessageObject->setHttpStatusCode($status_code ?: 403);
$oMessageObject->dispMessage('', $location);
$oMessageObject->dispMessage($detail, $location);
return $oMessageObject;
}
@ -1039,7 +1041,7 @@ class ModuleHandler extends Handler
if($this->error)
{
// display content with message module instance
$oMessageObject = self::_createErrorMessage(-1, $this->error, $this->httpStatusCode, $oModule->get('rx_error_location'));
$oMessageObject = self::_createErrorMessage(-1, $this->error, $this->httpStatusCode, '', $oModule->get('rx_error_location'));
// display Error Page
if(!in_array($oMessageObject->getHttpStatusCode(), array(200, 403)))
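Review bot: Inserting `$detail` ahead of `$location` in `_createErrorMessage()` shifts a positional parameter of a protected static method, so any caller outside this diff that still passes a location as the fourth argument would have it rendered as the detail text; the location appears to be a file:line string built from the backtrace, which would put server paths on the error page. Appending the parameter keeps old calls valid, `protected static function _createErrorMessage($error, $message, $status_code = 403, $location = null, $detail = '')`; otherwise every caller and subclass needs auditing. Separately, `$error_detail` is declared as `null` and passed straight through in the preparation-error return while the other calls pass `''`, so `var $error_detail = '';` would keep the type consistent. The ERR_* codes also tell any client which check failed (CSRF, unknown act, non-standalone act), so consider showing them only in debug mode and logging them otherwise. The body of `_createErrorMessage()` is split across two hunks and is not fully visible.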


@ -444,11 +444,10 @@ class ModuleObject extends BaseObject
$location = $caller['file'] . ':' . $caller['line'];
// Error message display by message module
$type = Mobile::isFromMobilePhone() ? 'mobile' : 'view';
$oMessageObject = ModuleHandler::getModuleInstance('message', $type);
$oMessageObject = MessageView::getInstance();
$oMessageObject->setError(-1);
$oMessageObject->setMessage($msg_code);
$oMessageObject->dispMessage(null, $location);
$oMessageObject->dispMessage('', $location);
$this->setTemplatePath($oMessageObject->getTemplatePath());
$this->setTemplateFile($oMessageObject->getTemplateFile());
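Review bot: `MessageView::getInstance()` replaces a lookup that chose between the 'mobile' and 'view' instance of the message module, and nothing visible in this hunk shows that mobile requests still get the mobile template from `getTemplatePath()` and `getTemplateFile()`. If MessageView picks the skin itself, a one-line comment such as `// MessageView selects the mobile or desktop skin internally` would record that; if it does not, mobile error pages change here and in `_createErrorMessage()` of the handler. This path also always passes `''` as the detail, so errors raised through it carry no ERR_* code. The enclosing method starts and ends outside the hunk.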


@ -374,12 +374,12 @@ class Session
$sso_request = Security::decrypt(\Context::get('sso_request'));
if (!$sso_request || !preg_match('!^https?://!', $sso_request))
{
\Context::displayErrorPage('SSO Error', 'Invalid SSO Request', 400);
\Context::displayErrorPage('SSO Error', 'ERR_INVALID_SSO_REQUEST', 400);
exit;
}
if (!URL::isInternalUrl($sso_request) || !URL::isInternalURL($_SERVER['HTTP_REFERER']))
{
\Context::displayErrorPage('SSO Error', 'Invalid SSO Request', 400);
\Context::displayErrorPage('SSO Error', 'ERR_INVALID_SSO_REQUEST', 400);
exit;
}
@ -400,14 +400,14 @@ class Session
$sso_response = Security::decrypt(\Context::get('sso_response'));
if ($sso_response === false)
{
\Context::displayErrorPage('SSO Error', 'Invalid SSO Response', 400);
\Context::displayErrorPage('SSO Error', 'ERR_INVALID_SSO_RESPONSE', 400);
exit;
}
// Check that the response was given by the default site (to prevent session fixation CSRF).
if(isset($_SERVER['HTTP_REFERER']) && !URL::isInternalURL($_SERVER['HTTP_REFERER']))
{
\Context::displayErrorPage('SSO Error', 'Invalid SSO Response', 400);
\Context::displayErrorPage('SSO Error', 'ERR_INVALID_SSO_RESPONSE', 400);
exit;
}
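Review bot: The response-side Referer check at the end of this section runs only when `HTTP_REFERER` is set, so a request that arrives without the header skips the check the comment describes as the session-fixation guard, while the request-side check reads `$_SERVER['HTTP_REFERER']` without `isset()` and depends on how `isInternalURL()` treats a missing value. It would help to make the two consistent and state the intent, for example `$referer = $_SERVER['HTTP_REFERER'] ?? '';` followed by one documented decision on whether an empty Referer is accepted. Both failure branches in each block now emit the same code, which is reasonable toward the client, but the distinct cause (decrypt failure versus URL or Referer mismatch) should then be logged server-side if easier debugging is the goal. The enclosing method starts outside the visible hunks.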