Add more error codes in critical code paths in Context and ModuleHandler

Kijin Sung 2022-10-13 00:34:23 +09:00
parent e4e252c1b4
commit fd421c86fc
2 changed files with 11 additions and 1 deletions


@ -117,6 +117,7 @@ class Context
* @var string|bool
*/
public $security_check = 'OK';
public $security_check_detail = '';
/**
* Singleton instance
@ -1051,6 +1052,7 @@ class Context
if (!self::_recursiveCheckVar($_SERVER['HTTP_HOST']) || preg_match("/[\,\"\'\{\}\[\]\(\);$]/", $_SERVER['HTTP_HOST']))
{
self::$_instance->security_check = 'DENY ALL';
self::$_instance->security_check_detail = 'ERR_UNSAFE_ENV';
}
}
@ -1184,6 +1186,7 @@ class Context
if(!Rhymix\Framework\Security::checkXXE($GLOBALS['HTTP_RAW_POST_DATA']))
{
self::$_instance->security_check = 'DENY ALL';
self::$_instance->security_check_detail = 'ERR_UNSAFE_XML';
$GLOBALS['HTTP_RAW_POST_DATA'] = '';
return;
}
@ -1257,6 +1260,7 @@ class Context
if(!UploadFileFilter::check($tmp_name, $val['name']))
{
self::$_instance->security_check = 'DENY ALL';
self::$_instance->security_check_detail = 'ERR_UNSAFE_FILE';
unset($_FILES[$key]);
continue;
}
@ -1280,6 +1284,7 @@ class Context
if(!UploadFileFilter::check($val['tmp_name'][$i], $val['name'][$i]))
{
self::$_instance->security_check = 'DENY ALL';
self::$_instance->security_check_detail = 'ERR_UNSAFE_FILE';
$files = array();
unset($_FILES[$key]);
break;
@ -1315,6 +1320,7 @@ class Context
if(preg_match($pattern, $val))
{
self::$_instance->security_check = $status;
self::$_instance->security_check_detail = 'ERR_UNSAFE_VAR';
if($status === 'DENY ALL')
{
return false;
@ -1422,6 +1428,7 @@ class Context
if($_val === null)
{
self::$_instance->security_check = 'DENY ALL';
self::$_instance->security_check_detail = 'ERR_UNSAFE_VAR';
}
}
elseif(in_array($key, array('search_target', 'search_keyword', 'xe_validator_id')) || ($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'GET')
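Review bot: The new public property `$security_check_detail` at the top of the file is declared without the `@var` docblock that its neighbour `$security_check` carries, so the set of codes it can hold is undocumented even though every writer in this diff assigns a fixed literal. Suggest `/** @var string Empty, or one of ERR_UNSAFE_ENV, ERR_UNSAFE_XML, ERR_UNSAFE_FILE, ERR_UNSAFE_VAR */` above the declaration. Note also that every check site in these hunks overwrites the field unconditionally, so when more than one check fires the code reported downstream is the last one written rather than the first violation detected; if the first cause is what operators need for triage, guard each assignment with `if (self::$_instance->security_check_detail === '')`. The methods containing these hunks start and end outside the visible lines.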


@ -73,12 +73,14 @@ class ModuleHandler extends Handler
if(!Context::get('logged_info')->isAdmin())
{
$this->error = 'msg_security_violation';
$this->error_detail = $oContext->security_check_detail;
return;
}
break;
case 'DENY ALL':
default:
$this->error = 'msg_security_violation';
$this->error_detail = $oContext->security_check_detail;
return;
}
@ -138,6 +140,7 @@ class ModuleHandler extends Handler
case 'block':
$this->error = 'The site does not exist';
$this->error_detail = 'ERR_DOMAIN_NOT_FOUND';
$this->httpStatusCode = 404;
return true;
@ -1041,7 +1044,7 @@ class ModuleHandler extends Handler
if($this->error)
{
// display content with message module instance
$oMessageObject = self::_createErrorMessage(-1, $this->error, $this->httpStatusCode, '', $oModule->get('rx_error_location'));
$oMessageObject = self::_createErrorMessage(-1, $this->error, $this->httpStatusCode, $this->error_detail, $oModule->get('rx_error_location'));
// display Error Page
if(!in_array($oMessageObject->getHttpStatusCode(), array(200, 403)))