[SECURITY] Add trusted HTTP_HOST configuration
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Classes / Error / ProductionExceptionHandler.php
1 <?php
2 namespace TYPO3\CMS\Core\Error;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 2009-2013 Ingo Renner <ingo@typo3.org>
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 *
19 * This script is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * This copyright notice MUST APPEAR in all copies of the script!
25 ***************************************************************/
26 use TYPO3\CMS\Core\Messaging\ErrorpageMessage;
27
28 /**
29 * A quiet exception handler which catches but ignores any exception.
30 *
31 * This file is a backport from FLOW3
32 *
33 * @author Ingo Renner <ingo@typo3.org>
34 */
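class ProductionExceptionHandler extends \TYPO3\CMS\Core\Error\AbstractExceptionHandler {

	/**
	 * Default title for error messages
	 *
	 * Shown whenever exception details must not be disclosed to the visitor.
	 *
	 * @var string
	 */
	protected $defaultTitle = 'Oops, an error occurred!';

	/**
	 * Default message for error messages
	 *
	 * Deliberately empty: without disclosure the visitor only gets the title.
	 *
	 * @var string
	 */
	protected $defaultMessage = '';

	/**
	 * Constructs this exception handler - registers itself as the default exception handler.
	 *
	 * @author Robert Lemke <robert@typo3.org>
	 */
	public function __construct() {
		set_exception_handler(array($this, 'handleException'));
	}

	/**
	 * Echoes an exception for the web.
	 *
	 * Sends the status headers, writes the log entries and then renders an
	 * error page. Title and message come from getTitle()/getMessage(), which
	 * fall back to the generic defaults unless disclosure is permitted.
	 *
	 * @param \Exception $exception The exception
	 * @return void
	 */
	public function echoExceptionWeb(\Exception $exception) {
		$this->sendStatusHeaders($exception);
		// Log before rendering so the full details are recorded even when the
		// visitor is only shown the generic page.
		$this->writeLogEntries($exception, self::CONTEXT_WEB);
		$messageObj = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(
			'TYPO3\\CMS\\Core\\Messaging\\ErrorpageMessage',
			$this->getMessage($exception),
			$this->getTitle($exception)
		);
		$messageObj->output();
	}

	/**
	 * Echoes an exception for the command line.
	 *
	 * Nothing is printed; the exception is only logged and the process ends
	 * with exit status 1.
	 *
	 * @param \Exception $exception The exception
	 * @return void
	 */
	public function echoExceptionCLI(\Exception $exception) {
		$this->writeLogEntries($exception, self::CONTEXT_CLI);
		die(1);
	}

	/**
	 * Determines, whether Exception details should be outputted
	 *
	 * This is the single gate for information disclosure in production: when
	 * it returns FALSE, getTitle() and getMessage() emit only the defaults.
	 *
	 * @param \Exception $exception The exception
	 * @return boolean TRUE if title and message of the exception may be shown
	 */
	protected function discloseExceptionInformation(\Exception $exception) {
		// Allow message to be shown in production mode if the exception is about
		// trusted host configuration. By doing so we do not disclose
		// any valuable information to an attacker but avoid confusions among TYPO3 admins
		// in production context.
		// NOTE(review): this makes the text of exception 1396795884 visible to
		// unauthenticated visitors. It presumably echoes the rejected host value -
		// confirm where it is thrown - so the HTML escaping in getMessage() must stay.
		if ($exception->getCode() === 1396795884) {
			return TRUE;
		}
		// Show client error messages 40x in every case
		if ($exception instanceof \TYPO3\CMS\Core\Error\Http\AbstractClientErrorException) {
			return TRUE;
		}
		// Only show errors in FE, if a BE user is authenticated
		if (TYPO3_MODE === 'FE') {
			// Fail closed: an exception may be raised before the frontend controller
			// exists. Without an object there is no authenticated backend user, so
			// nothing is disclosed and no secondary error is raised inside the handler.
			return isset($GLOBALS['TSFE'])
				&& is_object($GLOBALS['TSFE'])
				&& !empty($GLOBALS['TSFE']->beUserLogin);
		}
		return TRUE;
	}

	/**
	 * Returns the title for the error message
	 *
	 * @param \Exception $exception Exception causing the error
	 * @return string HTML-escaped exception title, or the default title
	 */
	protected function getTitle(\Exception $exception) {
		// getTitle() is not part of \Exception; only some exception classes provide it.
		if ($this->discloseExceptionInformation($exception) && method_exists($exception, 'getTitle')) {
			$title = $exception->getTitle();
			if (strlen($title) > 0) {
				return htmlspecialchars($title);
			}
		}
		return $this->defaultTitle;
	}

	/**
	 * Returns the message for the error message
	 *
	 * The result is an HTML fragment: the exception message is escaped and,
	 * for a positive error code, followed by a link to further information.
	 *
	 * @param \Exception $exception Exception causing the error
	 * @return string HTML fragment, or the default message
	 */
	protected function getMessage(\Exception $exception) {
		if (!$this->discloseExceptionInformation($exception)) {
			return $this->defaultMessage;
		}
		$moreInformationLink = '';
		// Exception has an error code given
		if ($exception->getCode() > 0) {
			// Escape the URL for the attribute context. Some exception classes
			// (e.g. PDOException) return string codes, so the code is not
			// guaranteed to be a plain integer.
			$moreInformationUrl = htmlspecialchars(TYPO3_URL_EXCEPTION . $exception->getCode());
			$moreInformationLink = '<p>More information regarding this error might be available <a href="' . $moreInformationUrl . '" target="_blank">online</a>.</p>';
		}
		// The message can carry request-derived data, so it is escaped before
		// being embedded in the error page.
		return htmlspecialchars($exception->getMessage()) . $moreInformationLink;
	}

}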
144
145
146 ?>