[SECURITY] XSS in exception handler
[Packages/TYPO3.CMS.git] / t3lib / error / class.t3lib_error_debugexceptionhandler.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2009-2011 Ingo Renner <ingo@typo3.org>
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 *
17 * This script is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * This copyright notice MUST APPEAR in all copies of the script!
23 ***************************************************************/
24
25
26 /**
27 * A basic but solid exception handler which catches everything which
28 * falls through the other exception handlers and provides useful debugging
29 * information.
30 *
31 * This file is a backport from FLOW3
32 *
33 * @package TYPO3
34 * @subpackage t3lib_error
35 * @version $Id$
36 */
37 class t3lib_error_DebugExceptionHandler extends t3lib_error_AbstractExceptionHandler {
38
39 /**
40 * Constructs this exception handler - registers itself as the default exception handler.
41 *
42 * @author Robert Lemke <robert@typo3.org>
43 */
44 public function __construct() {
45 set_exception_handler(array($this, 'handleException'));
46 }
47
48 /**
49 * Formats and echoes the exception as XHTML.
50 *
51 * @param Exception $exception The exception object
52 * @return void
53 * @author Robert Lemke <robert@typo3.org>
54 */
55 public function echoExceptionWeb(Exception $exception) {
56 if (!headers_sent()) {
57 header("HTTP/1.1 500 Internal Server Error");
58 }
59
60 $filePathAndName = $exception->getFile();
61
62 $exceptionCodeNumber = ($exception->getCode() > 0) ? '#' . $exception->getCode() . ': ' : '';
63
64 /**
65 * TODO: 25.09.2009
66 * either remove this line or let the link point to site that offers error information for TYPO3
67 */
68
69 // $moreInformationLink = ($exceptionCodeNumber != '') ? '(<a href="' . TYPO3_URL_EXCEPTION . $exception->getCode() . '">More information</a>)' : '';
70 $backtraceCode = $this->getBacktraceCode($exception->getTrace());
71
72 $this->writeLogEntries($exception, self::CONTEXT_WEB);
73
74 // Set the XML prologue
75 $xmlPrologue = '<?xml version="1.0" encoding="utf-8"?>';
76
77 // Set the doctype declaration
78 $docType = '<!DOCTYPE html
79 PUBLIC "-//W3C//DTD XHTML 1.1//EN"
80 "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">';
81
82 // Get the browser info
83 $browserInfo = t3lib_utility_Client::getBrowserInfo(t3lib_div::getIndpEnv('HTTP_USER_AGENT'));
84
85 // Put the XML prologue before or after the doctype declaration according to browser
86 if ($browserInfo['browser'] === 'msie' && $browserInfo['version'] < 7) {
87 $headerStart = $docType . LF . $xmlPrologue;
88 } else {
89 $headerStart = $xmlPrologue . LF . $docType;
90 }
91
92 echo $headerStart . '
93 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
94 <head>
95 <title>TYPO3 Exception</title>
96 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
97 <style type="text/css">
98 .ExceptionProperty {
99 color: #101010;
100 }
101 pre {
102 margin: 0;
103 font-size: 11px;
104 color: #515151;
105 background-color: #D0D0D0;
106 padding-left: 30px;
107 }
108 </style>
109 </head>
110 <body>
111 <div style="
112 position: absolute;
113 left: 10px;
114 background-color: #B9B9B9;
115 outline: 1px solid #515151;
116 color: #515151;
117 font-family: Arial, Helvetica, sans-serif;
118 font-size: 12px;
119 margin: 10px;
120 padding: 0;
121 ">
122 <div style="width: 100%; background-color: #515151; color: white; padding: 2px; margin: 0 0 6px 0;">Uncaught TYPO3 Exception</div>
123 <div style="width: 100%; padding: 2px; margin: 0 0 6px 0;">
124 <strong style="color: #BE0027;">' . $exceptionCodeNumber . htmlspecialchars($exception->getMessage()) . '</strong> ' . /* $moreInformationLink .*/
125 '<br />
126 <br />
127 <span class="ExceptionProperty">' . get_class($exception) . '</span> thrown in file<br />
128 <span class="ExceptionProperty">' . htmlspecialchars($filePathAndName) . '</span> in line
129 <span class="ExceptionProperty">' . $exception->getLine() . '</span>.<br />
130 <br />
131 ' . $backtraceCode . '
132 </div>
133 </div>
134 </body>
135 </html>
136 ';
137 }
138
139 /**
140 * Formats and echoes the exception for the command line
141 *
142 * @param Exception $exception The exception object
143 * @return void
144 * @author Robert Lemke <robert@typo3.org>
145 */
146 public function echoExceptionCLI(Exception $exception) {
147 $filePathAndName = $exception->getFile();
148 $exceptionCodeNumber = ($exception->getCode() > 0) ? '#' . $exception->getCode() . ': ' : '';
149 $this->writeLogEntries($exception, self::CONTEXT_CLI);
150
151 echo "\nUncaught TYPO3 Exception " . $exceptionCodeNumber . $exception->getMessage() . LF;
152 echo "thrown in file " . $filePathAndName . LF;
153 echo "in line " . $exception->getLine() . "\n\n";
154 }
155
156 /**
157 * Renders some backtrace
158 *
159 * @param array $trace The trace
160 * @return string Backtrace information
161 * @author Robert Lemke <robert@typo3.org>
162 */
163 protected function getBacktraceCode(array $trace) {
164 $backtraceCode = '';
165 if (count($trace)) {
166 foreach ($trace as $index => $step) {
167 $class = isset($step['class']) ? $step['class'] . '<span style="color:white;">::</span>' : '';
168
169 $arguments = '';
170 if (isset($step['args']) && is_array($step['args'])) {
171 foreach ($step['args'] as $argument) {
172 $arguments .= (strlen($arguments) === 0) ? '' : '<span style="color:white;">,</span> ';
173 if (is_object($argument)) {
174 $arguments .= '<span style="color:#FF8700;"><em>' . get_class($argument) . '</em></span>';
175 } elseif (is_string($argument)) {
176 $preparedArgument = (strlen($argument) < 100) ? $argument : substr($argument, 0, 50) . '#tripleDot#' . substr($argument, -50);
177 $preparedArgument = htmlspecialchars($preparedArgument);
178 $preparedArgument = str_replace('#tripleDot#', '<span style="color:white;">&hellip;</span>', $preparedArgument);
179 $preparedArgument = str_replace(LF, '<span style="color:white;">&crarr;</span>', $preparedArgument);
180 $arguments .= '"<span style="color:#FF8700;" title="' . htmlspecialchars($argument) . '">' . $preparedArgument . '</span>"';
181 } elseif (is_numeric($argument)) {
182 $arguments .= '<span style="color:#FF8700;">' . (string) $argument . '</span>';
183 } else {
184 $arguments .= '<span style="color:#FF8700;"><em>' . gettype($argument) . '</em></span>';
185 }
186 }
187 }
188
189 $backtraceCode .= '<pre style="color:#69A550; background-color: #414141; padding: 4px 2px 4px 2px;">';
190 $backtraceCode .= '<span style="color:white;">' . (count($trace) - $index) . '</span> ' . $class . $step['function'] . '<span style="color:white;">(' . $arguments . ')</span>';
191 $backtraceCode .= '</pre>';
192
193 if (isset($step['file'])) {
194 $backtraceCode .= $this->getCodeSnippet($step['file'], $step['line']) . '<br />';
195 }
196 }
197 }
198
199 return $backtraceCode;
200 }
201
202 /**
203 * Returns a code snippet from the specified file.
204 *
205 * @param string $filePathAndName Absolute path and file name of the PHP file
206 * @param integer $lineNumber Line number defining the center of the code snippet
207 * @return string The code snippet
208 * @author Robert Lemke <robert@typo3.org>
209 */
210 protected function getCodeSnippet($filePathAndName, $lineNumber) {
211 $codeSnippet = '<br />';
212 if (@file_exists($filePathAndName)) {
213 $phpFile = @file($filePathAndName);
214 if (is_array($phpFile)) {
215 $startLine = ($lineNumber > 2) ? ($lineNumber - 2) : 1;
216 $endLine = ($lineNumber < (count($phpFile) - 2)) ? ($lineNumber + 3) : count($phpFile) + 1;
217 if ($endLine > $startLine) {
218 $codeSnippet = '<br /><span style="font-size:10px;">' . $filePathAndName . ':</span><br /><pre>';
219 for ($line = $startLine; $line < $endLine; $line++) {
220 $codeLine = str_replace(TAB, ' ', $phpFile[$line - 1]);
221
222 if ($line === $lineNumber) {
223 $codeSnippet .= '</pre><pre style="background-color: #F1F1F1; color: black;">';
224 }
225 $codeSnippet .= sprintf('%05d', $line) . ': ' . $codeLine;
226 if ($line === $lineNumber) {
227 $codeSnippet .= '</pre><pre>';
228 }
229 }
230 $codeSnippet .= '</pre>';
231 }
232 }
233 }
234 return $codeSnippet;
235 }
236 }
237
238
239 if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/error/class.t3lib_error_debugexceptionhandler.php'])) {
240 include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/error/class.t3lib_error_debugexceptionhandler.php']);
241 }
242
243 ?>