From fd421c86fca5391fe34f6b7546d9408bb64130a4 Mon Sep 17 00:00:00 2001
From: Kijin Sung
Date: Thu, 13 Oct 2022 00:34:23 +0900
Subject: [PATCH] Add more error codes in critical code paths in Context and ModuleHandler
---
 classes/context/Context.class.php | 7 +++++++
 classes/module/ModuleHandler.class.php | 5 ++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/classes/context/Context.class.php b/classes/context/Context.class.php
index 82bb6c9d8..786e58ea3 100644
--- a/classes/context/Context.class.php
+++ b/classes/context/Context.class.php
@@ -117,6 +117,7 @@ class Context
 * @var string|bool
 */
 public $security_check = 'OK';
+ public $security_check_detail = '';
 /**
 * Singleton instance
@@ -1051,6 +1052,7 @@ class Context
 if (!self::_recursiveCheckVar($_SERVER['HTTP_HOST']) || preg_match("/[\,\"\'\{\}\[\]\(\);$]/", $_SERVER['HTTP_HOST']))
 {
 self::$_instance->security_check = 'DENY ALL';
+ self::$_instance->security_check_detail = 'ERR_UNSAFE_ENV';
 }
 }
@@ -1184,6 +1186,7 @@ class Context
 if(!Rhymix\Framework\Security::checkXXE($GLOBALS['HTTP_RAW_POST_DATA']))
 {
 self::$_instance->security_check = 'DENY ALL';
+ self::$_instance->security_check_detail = 'ERR_UNSAFE_XML';
 $GLOBALS['HTTP_RAW_POST_DATA'] = '';
 return;
 }
@@ -1257,6 +1260,7 @@ class Context
 if(!UploadFileFilter::check($tmp_name, $val['name']))
 {
 self::$_instance->security_check = 'DENY ALL';
+ self::$_instance->security_check_detail = 'ERR_UNSAFE_FILE';
 unset($_FILES[$key]);
 continue;
 }
@@ -1280,6 +1284,7 @@ class Context
 if(!UploadFileFilter::check($val['tmp_name'][$i], $val['name'][$i]))
 {
 self::$_instance->security_check = 'DENY ALL';
+ self::$_instance->security_check_detail = 'ERR_UNSAFE_FILE';
 $files = array();
 unset($_FILES[$key]);
 break;
@@ -1315,6 +1320,7 @@ class Context
 if(preg_match($pattern, $val))
 {
 self::$_instance->security_check = $status;
+ self::$_instance->security_check_detail = 'ERR_UNSAFE_VAR';
 if($status === 'DENY ALL')
 {
 return false;
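Review bot: The new `public $security_check_detail = '';` in the `@@ -117` hunk of Context.class.php has no docblock, although `$security_check` directly above it carries one, so nothing records what values it holds. I would add `/** Reason code for the most recent failed security check ('' if none), e.g. 'ERR_UNSAFE_ENV'. @var string */` above it. The codes assigned in the later hunks (ERR_UNSAFE_ENV, ERR_UNSAFE_XML, ERR_UNSAFE_FILE, ERR_UNSAFE_VAR) are worth listing there, since they are bare string literals spread over several hunks.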
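Review bot: In the `@@ -1315` hunk the detail is overwritten unconditionally alongside `security_check = $status`, and `$status` is not always 'DENY ALL' (the `if($status === 'DENY ALL')` that follows shows other values exist). A request that was already rejected by another check may therefore end up reporting ERR_UNSAFE_VAR, which makes the code less useful for triage. Keeping the first reason would avoid that: `self::$_instance->security_check_detail = self::$_instance->security_check_detail ?: 'ERR_UNSAFE_VAR';`. The same last-writer-wins behaviour applies at `@@ -1257`, `@@ -1280` and `@@ -1422`; the order in which these checks run is outside the hunks, so confirm which reason should win.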
@@ -1422,6 +1428,7 @@ class Context
 if($_val === null)
 {
 self::$_instance->security_check = 'DENY ALL';
+ self::$_instance->security_check_detail = 'ERR_UNSAFE_VAR';
 }
 }
 elseif(in_array($key, array('search_target', 'search_keyword', 'xe_validator_id')) || ($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'GET')
diff --git a/classes/module/ModuleHandler.class.php b/classes/module/ModuleHandler.class.php
index 649589d4f..17f262e32 100644
--- a/classes/module/ModuleHandler.class.php
+++ b/classes/module/ModuleHandler.class.php
@@ -73,12 +73,14 @@ class ModuleHandler extends Handler
 if(!Context::get('logged_info')->isAdmin())
 {
 $this->error = 'msg_security_violation';
+ $this->error_detail = $oContext->security_check_detail;
 return;
 }
 break;
 case 'DENY ALL':
 default:
 $this->error = 'msg_security_violation';
+ $this->error_detail = $oContext->security_check_detail;
 return;
 }
@@ -138,6 +140,7 @@ class ModuleHandler extends Handler
 case 'block':
 $this->error = 'The site does not exist';
+ $this->error_detail = 'ERR_DOMAIN_NOT_FOUND';
 $this->httpStatusCode = 404;
 return true;
@@ -1041,7 +1044,7 @@ class ModuleHandler extends Handler
 if($this->error)
 {
 // display content with message module instance
- $oMessageObject = self::_createErrorMessage(-1, $this->error, $this->httpStatusCode, '', $oModule->get('rx_error_location'));
+ $oMessageObject = self::_createErrorMessage(-1, $this->error, $this->httpStatusCode, $this->error_detail, $oModule->get('rx_error_location'));
 // display Error Page
 if(!in_array($oMessageObject->getHttpStatusCode(), array(200, 403)))
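Review bot: Both security-violation branches in the `@@ -73` hunk of ModuleHandler.class.php copy `$oContext->security_check_detail` into `$this->error_detail`, which the `@@ -1041` hunk then hands to `_createErrorMessage()`, so the rejected client presumably sees which filter fired. For a request the framework has just classified as unsafe, I would rather log the code server-side and show it on the error page only to an administrator. If exposing it is intentional for support purposes, a comment should say so, e.g. `// error_detail is a fixed ERR_* code shown to the visitor; never put request data in it`. What `_createErrorMessage()` renders is not visible here.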
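Review bot: `$this->error_detail` is read in the `_createErrorMessage()` call in the `@@ -1041` hunk, but no ModuleHandler hunk declares the property and only three code paths assign it. If neither this class nor `Handler` already declares it, every path that sets only `$this->error` will read an undefined property here, which is a warning on PHP 8 and passes null where `''` was passed before. The assignments would also create a dynamic property, deprecated since PHP 8.2. Declaring it next to the existing error property, e.g. `public $error_detail = '';`, or passing `$this->error_detail ?? ''` in this call, would keep the old default. The class header is outside the hunks, so check whether a declaration already exists.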