Add more detailed ERR_* error codes to common error messages

가장 많이 발생하는 '잘못된 요청입니다', '보안정책상 허용되지 않습니다'
오류에 좀더 구체적인 ERR_* 코드를 추가하여 디버깅 편의 개선
Kijin Sung 2022-10-13 00:23:15 +09:00
parent b1eee629a2
commit e4e252c1b4
3 changed files with 25 additions and 24 deletions


@ -22,6 +22,7 @@ class ModuleHandler extends Handler
var $entry = null; var $entry = null;
var $route = null; var $route = null;
var $error = null; var $error = null;
var $error_detail = null;
var $is_mobile = false; var $is_mobile = false;
var $httpStatusCode = 200; var $httpStatusCode = 200;
@ -161,6 +162,7 @@ class ModuleHandler extends Handler
if($this->route && $this->route->status > 200) if($this->route && $this->route->status > 200)
{ {
$this->error = 'msg_module_is_not_exists'; $this->error = 'msg_module_is_not_exists';
$this->error_detail = 'ERR_ROUTE_NOT_FOUND';
$this->httpStatusCode = 404; $this->httpStatusCode = 404;
return true; return true;
} }
@ -273,6 +275,7 @@ class ModuleHandler extends Handler
if(!$this->module) if(!$this->module)
{ {
$this->error = 'msg_module_is_not_exists'; $this->error = 'msg_module_is_not_exists';
$this->error_detail = 'ERR_MODULE_NOT_FOUND';
$this->httpStatusCode = 404; $this->httpStatusCode = 404;
return true; return true;
} }
@ -309,7 +312,7 @@ class ModuleHandler extends Handler
// If error occurred while preparation, return a message instance // If error occurred while preparation, return a message instance
if($this->error) if($this->error)
{ {
return self::_createErrorMessage(-1, $this->error, $this->httpStatusCode); return self::_createErrorMessage(-1, $this->error, $this->httpStatusCode, $this->error_detail);
} }
// Get action information with conf/module.xml // Get action information with conf/module.xml
@ -333,7 +336,7 @@ class ModuleHandler extends Handler
// still no act means error // still no act means error
if(!$this->act) if(!$this->act)
{ {
return self::_createErrorMessage(-1, 'msg_module_is_not_exists', 404); return self::_createErrorMessage(-1, 'msg_module_is_not_exists', 404, 'ERR_NO_DEFAULT_ACT');
} }
// get type, kind // get type, kind
@ -367,7 +370,7 @@ class ModuleHandler extends Handler
{ {
if(isset($xml_info->action->{$this->act}) && $xml_info->action->{$this->act}->check_csrf !== 'false' && !checkCSRF()) if(isset($xml_info->action->{$this->act}) && $xml_info->action->{$this->act}->check_csrf !== 'false' && !checkCSRF())
{ {
return self::_createErrorMessage(-1, 'msg_security_violation'); return self::_createErrorMessage(-1, 'msg_security_violation', 403, 'ERR_CSRF_CHECK_FAILED');
} }
} }
@ -376,11 +379,11 @@ class ModuleHandler extends Handler
{ {
if($xml_info->action->{$this->act}->standalone === 'auto' && (!$this->module && !$this->mid)) if($xml_info->action->{$this->act}->standalone === 'auto' && (!$this->module && !$this->mid))
{ {
return self::_createErrorMessage(-1, 'msg_invalid_request'); return self::_createErrorMessage(-1, 'msg_invalid_request', 403, 'ERR_ACT_IS_NOT_STANDALONE');
} }
if($xml_info->action->{$this->act}->standalone === 'false' && !$this->mid) if($xml_info->action->{$this->act}->standalone === 'false' && !$this->mid)
{ {
return self::_createErrorMessage(-1, 'msg_invalid_request'); return self::_createErrorMessage(-1, 'msg_invalid_request', 403, 'ERR_ACT_IS_NOT_STANDALONE');
} }
} }
@ -446,7 +449,7 @@ class ModuleHandler extends Handler
// If the base module is not found, return an error now. // If the base module is not found, return an error now.
if (!isset($oModule) || !is_object($oModule)) if (!isset($oModule) || !is_object($oModule))
{ {
return self::_createErrorMessage(-1, 'msg_module_is_not_exists', 404); return self::_createErrorMessage(-1, 'msg_module_class_not_found', 404);
} }
// If there is no such action in the module object // If there is no such action in the module object
@ -454,7 +457,7 @@ class ModuleHandler extends Handler
{ {
if(!Context::isInstalled()) if(!Context::isInstalled())
{ {
return self::_createErrorMessage(-1, 'msg_invalid_request'); return self::_createErrorMessage(-1, 'msg_invalid_request', 403, 'ERR_NOT_FORWARDABLE');
} }
// 1. Look for the module with action name // 1. Look for the module with action name
@ -465,15 +468,15 @@ class ModuleHandler extends Handler
if(!isset($xml_info->action->{$this->act})) if(!isset($xml_info->action->{$this->act}))
{ {
return self::_createErrorMessage(-1, 'msg_invalid_request'); return self::_createErrorMessage(-1, 'msg_invalid_request', 403, 'ERR_ACT_NOT_FOUND');
} }
elseif ($xml_info->action->{$this->act}->standalone === 'auto' && $this->module !== 'admin' && $this->module !== $module) elseif ($xml_info->action->{$this->act}->standalone === 'auto' && $this->module !== 'admin' && $this->module !== $module)
{ {
return self::_createErrorMessage(-1, 'msg_invalid_request'); return self::_createErrorMessage(-1, 'msg_invalid_request', 403, 'ERR_ACT_IS_NOT_STANDALONE');
} }
elseif ($xml_info->action->{$this->act}->standalone === 'false' && $this->module !== 'admin') elseif ($xml_info->action->{$this->act}->standalone === 'false' && $this->module !== 'admin')
{ {
return self::_createErrorMessage(-1, 'msg_invalid_request'); return self::_createErrorMessage(-1, 'msg_invalid_request', 403, 'ERR_ACT_IS_NOT_STANDALONE');
} }
else else
{ {
@ -527,7 +530,7 @@ class ModuleHandler extends Handler
{ {
if($xml_info->action->{$this->act} && $xml_info->action->{$this->act}->check_csrf !== 'false' && !checkCSRF()) if($xml_info->action->{$this->act} && $xml_info->action->{$this->act}->check_csrf !== 'false' && !checkCSRF())
{ {
return self::_createErrorMessage(-1, 'msg_security_violation'); return self::_createErrorMessage(-1, 'msg_security_violation', 403, 'ERR_CSRF_CHECK_FAILED');
} }
} }
@ -564,7 +567,7 @@ class ModuleHandler extends Handler
if(!is_object($oModule)) if(!is_object($oModule))
{ {
return self::_createErrorMessage(-1, 'msg_module_is_not_exists', 404); return self::_createErrorMessage(-1, 'msg_module_class_not_found', 404);
} }
// Admin page layout // Admin page layout
@ -934,9 +937,8 @@ class ModuleHandler extends Handler
/** /**
* Create a message module instance with an error message. * Create a message module instance with an error message.
*/ */
protected static function _createErrorMessage($error, $message, $status_code = 403, $location = null) protected static function _createErrorMessage($error, $message, $status_code = 403, $detail = '', $location = null)
{ {
$display_mode = Mobile::isFromMobilePhone() ? 'mobile' : 'view';
if (!$location) if (!$location)
{ {
$backtrace = debug_backtrace(false); $backtrace = debug_backtrace(false);
@ -945,11 +947,11 @@ class ModuleHandler extends Handler
} }
self::_setInputErrorToContext(); self::_setInputErrorToContext();
$oMessageObject = self::getModuleInstance('message', $display_mode); $oMessageObject = MessageView::getInstance();
$oMessageObject->setError($error); $oMessageObject->setError($error);
$oMessageObject->setMessage($message); $oMessageObject->setMessage($message);
$oMessageObject->setHttpStatusCode($status_code ?: 403); $oMessageObject->setHttpStatusCode($status_code ?: 403);
$oMessageObject->dispMessage('', $location); $oMessageObject->dispMessage($detail, $location);
return $oMessageObject; return $oMessageObject;
} }
@ -1039,7 +1041,7 @@ class ModuleHandler extends Handler
if($this->error) if($this->error)
{ {
// display content with message module instance // display content with message module instance
$oMessageObject = self::_createErrorMessage(-1, $this->error, $this->httpStatusCode, $oModule->get('rx_error_location')); $oMessageObject = self::_createErrorMessage(-1, $this->error, $this->httpStatusCode, '', $oModule->get('rx_error_location'));
// display Error Page // display Error Page
if(!in_array($oMessageObject->getHttpStatusCode(), array(200, 403))) if(!in_array($oMessageObject->getHttpStatusCode(), array(200, 403)))
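Review bot: The last hunk passes `''` for the new `$detail` argument, while the earlier `if($this->error)` return passes `$this->error_detail`; if this branch displays the same errors, the ERR_ROUTE_NOT_FOUND and ERR_MODULE_NOT_FOUND codes set in the first hunks are dropped before the page is rendered, so I would call `self::_createErrorMessage(-1, $this->error, $this->httpStatusCode, $this->error_detail, $oModule->get('rx_error_location'))` here as well. Inserting `$detail` ahead of `$location` in `_createErrorMessage()` also shifts the fourth positional argument, so any caller outside this diff (the method is protected, so subclasses count) that still passes a location would have a server file path and line number handed to `dispMessage()` as the detail string; appending `$detail` after `$location` keeps old call sites correct. How `dispMessage()` renders the detail is not visible here, but the codes now distinguish a failed CSRF check, an unknown act and a non-standalone act where the responses used to be identical, so it is worth confirming whether they are meant for every visitor or only for administrators and logs. The enclosing functions start and end outside these hunks.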


@ -444,11 +444,10 @@ class ModuleObject extends BaseObject
$location = $caller['file'] . ':' . $caller['line']; $location = $caller['file'] . ':' . $caller['line'];
// Error message display by message module // Error message display by message module
$type = Mobile::isFromMobilePhone() ? 'mobile' : 'view'; $oMessageObject = MessageView::getInstance();
$oMessageObject = ModuleHandler::getModuleInstance('message', $type);
$oMessageObject->setError(-1); $oMessageObject->setError(-1);
$oMessageObject->setMessage($msg_code); $oMessageObject->setMessage($msg_code);
$oMessageObject->dispMessage(null, $location); $oMessageObject->dispMessage('', $location);
$this->setTemplatePath($oMessageObject->getTemplatePath()); $this->setTemplatePath($oMessageObject->getTemplatePath());
$this->setTemplateFile($oMessageObject->getTemplateFile()); $this->setTemplateFile($oMessageObject->getTemplateFile());


@ -374,12 +374,12 @@ class Session
$sso_request = Security::decrypt(\Context::get('sso_request')); $sso_request = Security::decrypt(\Context::get('sso_request'));
if (!$sso_request || !preg_match('!^https?://!', $sso_request)) if (!$sso_request || !preg_match('!^https?://!', $sso_request))
{ {
\Context::displayErrorPage('SSO Error', 'Invalid SSO Request', 400); \Context::displayErrorPage('SSO Error', 'ERR_INVALID_SSO_REQUEST', 400);
exit; exit;
} }
if (!URL::isInternalUrl($sso_request) || !URL::isInternalURL($_SERVER['HTTP_REFERER'])) if (!URL::isInternalUrl($sso_request) || !URL::isInternalURL($_SERVER['HTTP_REFERER']))
{ {
\Context::displayErrorPage('SSO Error', 'Invalid SSO Request', 400); \Context::displayErrorPage('SSO Error', 'ERR_INVALID_SSO_REQUEST', 400);
exit; exit;
} }
@ -400,14 +400,14 @@ class Session
$sso_response = Security::decrypt(\Context::get('sso_response')); $sso_response = Security::decrypt(\Context::get('sso_response'));
if ($sso_response === false) if ($sso_response === false)
{ {
\Context::displayErrorPage('SSO Error', 'Invalid SSO Response', 400); \Context::displayErrorPage('SSO Error', 'ERR_INVALID_SSO_RESPONSE', 400);
exit; exit;
} }
// Check that the response was given by the default site (to prevent session fixation CSRF). // Check that the response was given by the default site (to prevent session fixation CSRF).
if(isset($_SERVER['HTTP_REFERER']) && !URL::isInternalURL($_SERVER['HTTP_REFERER'])) if(isset($_SERVER['HTTP_REFERER']) && !URL::isInternalURL($_SERVER['HTTP_REFERER']))
{ {
\Context::displayErrorPage('SSO Error', 'Invalid SSO Response', 400); \Context::displayErrorPage('SSO Error', 'ERR_INVALID_SSO_RESPONSE', 400);
exit; exit;
} }
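Review bot: The Referer check on the SSO response path only runs when the header is present (`isset($_SERVER['HTTP_REFERER']) && ...`), while the request path in the previous hunk reads `$_SERVER['HTTP_REFERER']` with no isset guard, so the two branches treat a missing Referer in opposite ways. Because the comment names this check as the session-fixation defence, the code should say whether accepting a missing header is deliberate; if it is not, read the header once as `$referer = $_SERVER['HTTP_REFERER'] ?? '';` and reject an empty or non-internal value in both branches. Each branch also reuses one code for two different failures (`ERR_INVALID_SSO_REQUEST` for a decrypt or scheme failure and for a non-internal URL or Referer, likewise `ERR_INVALID_SSO_RESPONSE`), so the new codes do not tell these cases apart when debugging; if that is intentional on an authentication path, a short comment saying so would help. The enclosing method starts and ends outside these hunks.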