From e4e252c1b457a325f8e578c6b5ce0327a52199f4 Mon Sep 17 00:00:00 2001
From: Kijin Sung
Date: Thu, 13 Oct 2022 00:23:15 +0900
Subject: [PATCH] Add more detailed ERR_* error codes to common error messages
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

가장 많이 발생하는 '잘못된 요청입니다', '보안정책상 허용되지 않습니다' 오류에 좀더 구체적인 ERR_* 코드를 추가하여 디버깅 편의 개선
---
 classes/module/ModuleHandler.class.php | 36 ++++++++++++++------------
 classes/module/ModuleObject.class.php | 5 ++--
 common/framework/session.php | 8 +++---
 3 files changed, 25 insertions(+), 24 deletions(-)

diff --git a/classes/module/ModuleHandler.class.php b/classes/module/ModuleHandler.class.php
index d8429a7e3..649589d4f 100644
--- a/classes/module/ModuleHandler.class.php
+++ b/classes/module/ModuleHandler.class.php
@@ -22,6 +22,7 @@ class ModuleHandler extends Handler
 var $entry = null;
 var $route = null;
 var $error = null;
+ var $error_detail = null;
 var $is_mobile = false;
 var $httpStatusCode = 200;
@@ -161,6 +162,7 @@ class ModuleHandler extends Handler
 if($this->route && $this->route->status > 200)
 {
 $this->error = 'msg_module_is_not_exists';
+ $this->error_detail = 'ERR_ROUTE_NOT_FOUND';
 $this->httpStatusCode = 404;
 return true;
 }
@@ -273,6 +275,7 @@ class ModuleHandler extends Handler
 if(!$this->module)
 {
 $this->error = 'msg_module_is_not_exists';
+ $this->error_detail = 'ERR_MODULE_NOT_FOUND';
 $this->httpStatusCode = 404;
 return true;
 }
@@ -309,7 +312,7 @@ class ModuleHandler extends Handler
 // If error occurred while preparation, return a message instance
 if($this->error)
 {
- return self::_createErrorMessage(-1, $this->error, $this->httpStatusCode);
+ return self::_createErrorMessage(-1, $this->error, $this->httpStatusCode, $this->error_detail);
 }
 // Get action information with conf/module.xml
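Review bot: `$this->error_detail` can still be `null` when the -309 hunk passes it to `_createErrorMessage()`, because the property is declared as `null` and the visible hunks assign it only on the two 404 paths. Any other path that sets `$this->error` (none is visible in this diff, so this is inferred) would forward `null` as `$detail`. The same commit changes the ModuleObject call from `dispMessage(null, $location)` to `dispMessage('', $location)`, which suggests a string is expected there. Declaring the property as `var $error_detail = '';` would keep the argument type consistent with the new `$detail = ''` default. The enclosing method starts and ends outside the hunk.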
@@ -333,7 +336,7 @@ class ModuleHandler extends Handler
 // still no act means error
 if(!$this->act)
 {
- return self::_createErrorMessage(-1, 'msg_module_is_not_exists', 404);
+ return self::_createErrorMessage(-1, 'msg_module_is_not_exists', 404, 'ERR_NO_DEFAULT_ACT');
 }
 // get type, kind
@@ -367,7 +370,7 @@ class ModuleHandler extends Handler
 {
 if(isset($xml_info->action->{$this->act}) && $xml_info->action->{$this->act}->check_csrf !== 'false' && !checkCSRF())
 {
- return self::_createErrorMessage(-1, 'msg_security_violation');
+ return self::_createErrorMessage(-1, 'msg_security_violation', 403, 'ERR_CSRF_CHECK_FAILED');
 }
 }
@@ -376,11 +379,11 @@ class ModuleHandler extends Handler
 {
 if($xml_info->action->{$this->act}->standalone === 'auto' && (!$this->module && !$this->mid))
 {
- return self::_createErrorMessage(-1, 'msg_invalid_request');
+ return self::_createErrorMessage(-1, 'msg_invalid_request', 403, 'ERR_ACT_IS_NOT_STANDALONE');
 }
 if($xml_info->action->{$this->act}->standalone === 'false' && !$this->mid)
 {
- return self::_createErrorMessage(-1, 'msg_invalid_request');
+ return self::_createErrorMessage(-1, 'msg_invalid_request', 403, 'ERR_ACT_IS_NOT_STANDALONE');
 }
 }
@@ -446,7 +449,7 @@ class ModuleHandler extends Handler
 // If the base module is not found, return an error now.
 if (!isset($oModule) || !is_object($oModule))
 {
- return self::_createErrorMessage(-1, 'msg_module_is_not_exists', 404);
+ return self::_createErrorMessage(-1, 'msg_module_class_not_found', 404);
 }
 // If there is no such action in the module object
@@ -454,7 +457,7 @@ class ModuleHandler extends Handler
 {
 if(!Context::isInstalled())
 {
- return self::_createErrorMessage(-1, 'msg_invalid_request');
+ return self::_createErrorMessage(-1, 'msg_invalid_request', 403, 'ERR_NOT_FORWARDABLE');
 }
 // 1. Look for the module with action name
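Review bot: The -446 hunk switches the message key to `msg_module_class_not_found` without an `ERR_*` detail, unlike every other call touched here, and the diffstat lists no language file. The key therefore has to exist already, or the raw key is presumably what gets rendered to the user. Worth confirming it is defined in the lang files; if it is not, keeping the existing message and adding a detail code would match the other hunks, e.g. `return self::_createErrorMessage(-1, 'msg_module_is_not_exists', 404, 'ERR_MODULE_CLASS_NOT_FOUND');` (code name constructed for illustration). The -564 hunk makes the same change.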
@@ -465,15 +468,15 @@ class ModuleHandler extends Handler
 if(!isset($xml_info->action->{$this->act}))
 {
- return self::_createErrorMessage(-1, 'msg_invalid_request');
+ return self::_createErrorMessage(-1, 'msg_invalid_request', 403, 'ERR_ACT_NOT_FOUND');
 }
 elseif ($xml_info->action->{$this->act}->standalone === 'auto' && $this->module !== 'admin' && $this->module !== $module)
 {
- return self::_createErrorMessage(-1, 'msg_invalid_request');
+ return self::_createErrorMessage(-1, 'msg_invalid_request', 403, 'ERR_ACT_IS_NOT_STANDALONE');
 }
 elseif ($xml_info->action->{$this->act}->standalone === 'false' && $this->module !== 'admin')
 {
- return self::_createErrorMessage(-1, 'msg_invalid_request');
+ return self::_createErrorMessage(-1, 'msg_invalid_request', 403, 'ERR_ACT_IS_NOT_STANDALONE');
 }
 else
 {
@@ -527,7 +530,7 @@ class ModuleHandler extends Handler
 {
 if($xml_info->action->{$this->act} && $xml_info->action->{$this->act}->check_csrf !== 'false' && !checkCSRF())
 {
- return self::_createErrorMessage(-1, 'msg_security_violation');
+ return self::_createErrorMessage(-1, 'msg_security_violation', 403, 'ERR_CSRF_CHECK_FAILED');
 }
 }
@@ -564,7 +567,7 @@ class ModuleHandler extends Handler
 if(!is_object($oModule))
 {
- return self::_createErrorMessage(-1, 'msg_module_is_not_exists', 404);
+ return self::_createErrorMessage(-1, 'msg_module_class_not_found', 404);
 }
 // Admin page layout
@@ -934,9 +937,8 @@ class ModuleHandler extends Handler
 /**
 * Create a message module instance with an error message.
 */
- protected static function _createErrorMessage($error, $message, $status_code = 403, $location = null)
+ protected static function _createErrorMessage($error, $message, $status_code = 403, $detail = '', $location = null)
 {
- $display_mode = Mobile::isFromMobilePhone() ? 'mobile' : 'view';
 if (!$location)
 {
 $backtrace = debug_backtrace(false);
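Review bot: The three branches in the -465 hunk used to return an identical `msg_invalid_request`; they now answer `ERR_ACT_NOT_FOUND` for an unknown action but `ERR_ACT_IS_NOT_STANDALONE` for one that exists. If `dispMessage()` renders `$detail` to every visitor (its body is not in this diff), the response discloses which action names are defined, and the earlier `ERR_ROUTE_NOT_FOUND` / `ERR_MODULE_NOT_FOUND` split does the same for routes and modules. Consider rendering the detail code only for administrators or in debug mode and writing it to the server log otherwise. A comment at the call sites such as `// ERR_* detail is diagnostic only; see dispMessage() for who gets to see it` would record the intent.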
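Review bot: Inserting `$detail = ''` ahead of `$location` in the -934 hunk changes the meaning of the fourth positional argument of a `protected static` method. Any subclass or call site outside this patch that still passes a location fourth would have it treated as the detail string, while `$location` silently falls back to the backtrace; only the call at -1039 is updated in this diff. Appending the parameter instead keeps existing callers intact: `protected static function _createErrorMessage($error, $message, $status_code = 403, $location = null, $detail = '')`. The docblock would also benefit from `@param` lines for `$detail` and `$location`. The function body continues outside the hunk.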
@@ -945,11 +947,11 @@ class ModuleHandler extends Handler
 }
 self::_setInputErrorToContext();
- $oMessageObject = self::getModuleInstance('message', $display_mode);
+ $oMessageObject = MessageView::getInstance();
 $oMessageObject->setError($error);
 $oMessageObject->setMessage($message);
 $oMessageObject->setHttpStatusCode($status_code ?: 403);
- $oMessageObject->dispMessage('', $location);
+ $oMessageObject->dispMessage($detail, $location);
 return $oMessageObject;
 }
@@ -1039,7 +1041,7 @@ class ModuleHandler extends Handler
 if($this->error)
 {
 // display content with message module instance
- $oMessageObject = self::_createErrorMessage(-1, $this->error, $this->httpStatusCode, $oModule->get('rx_error_location'));
+ $oMessageObject = self::_createErrorMessage(-1, $this->error, $this->httpStatusCode, '', $oModule->get('rx_error_location'));
 // display Error Page
 if(!in_array($oMessageObject->getHttpStatusCode(), array(200, 403)))
diff --git a/classes/module/ModuleObject.class.php b/classes/module/ModuleObject.class.php
index 95aaa2e4e..84bfaba96 100644
--- a/classes/module/ModuleObject.class.php
+++ b/classes/module/ModuleObject.class.php
@@ -444,11 +444,10 @@ class ModuleObject extends BaseObject
 $location = $caller['file'] . ':' . $caller['line'];
 // Error message display by message module
- $type = Mobile::isFromMobilePhone() ? 'mobile' : 'view';
- $oMessageObject = ModuleHandler::getModuleInstance('message', $type);
+ $oMessageObject = MessageView::getInstance();
 $oMessageObject->setError(-1);
 $oMessageObject->setMessage($msg_code);
- $oMessageObject->dispMessage(null, $location);
+ $oMessageObject->dispMessage('', $location);
 $this->setTemplatePath($oMessageObject->getTemplatePath());
 $this->setTemplateFile($oMessageObject->getTemplateFile());
diff --git a/common/framework/session.php b/common/framework/session.php
index 57cbddd59..6d096fe75 100644
--- a/common/framework/session.php
+++ b/common/framework/session.php
@@ -374,12 +374,12 @@ class Session
 $sso_request = Security::decrypt(\Context::get('sso_request'));
 if (!$sso_request || !preg_match('!^https?://!', $sso_request))
 {
- \Context::displayErrorPage('SSO Error', 'Invalid SSO Request', 400);
+ \Context::displayErrorPage('SSO Error', 'ERR_INVALID_SSO_REQUEST', 400);
 exit;
 }
 if (!URL::isInternalUrl($sso_request) || !URL::isInternalURL($_SERVER['HTTP_REFERER']))
 {
- \Context::displayErrorPage('SSO Error', 'Invalid SSO Request', 400);
+ \Context::displayErrorPage('SSO Error', 'ERR_INVALID_SSO_REQUEST', 400);
 exit;
 }
@@ -400,14 +400,14 @@ class Session
 $sso_response = Security::decrypt(\Context::get('sso_response'));
 if ($sso_response === false)
 {
- \Context::displayErrorPage('SSO Error', 'Invalid SSO Response', 400);
+ \Context::displayErrorPage('SSO Error', 'ERR_INVALID_SSO_RESPONSE', 400);
 exit;
 }
 // Check that the response was given by the default site (to prevent session fixation CSRF).
 if(isset($_SERVER['HTTP_REFERER']) && !URL::isInternalURL($_SERVER['HTTP_REFERER']))
 {
- \Context::displayErrorPage('SSO Error', 'Invalid SSO Response', 400);
+ \Context::displayErrorPage('SSO Error', 'ERR_INVALID_SSO_RESPONSE', 400);
 exit;
 }
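Review bot: Each pair of failure branches now returns one shared code (`ERR_INVALID_SSO_REQUEST` for both request checks, `ERR_INVALID_SSO_RESPONSE` for both response checks), so the code alone still cannot tell a decrypt failure from a Referer mismatch. Keeping a single client-facing code is reasonable, but logging the specific reason server-side would deliver the debugging benefit the commit is after. In the context lines, the request branch reads `$_SERVER['HTTP_REFERER']` without `isset()`, while the response branch skips the internal-URL check when the header is absent, so the session-fixation check named in the comment applies only when a Referer is sent. A comment stating whether a missing Referer is meant to pass, e.g. `// Referer may be stripped by browser policy; absence is tolerated here`, would make that choice explicit. The enclosing method starts and ends outside both hunks.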