1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
|
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
* Copyright (C) 2000-2009 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class Kohana_Exception extends Kohana_Exception_Core {
/**
* Dump out the full stack trace as part of the text representation of the exception.
*/
public static function text($e) {
return sprintf(
"%s [ %s ]: %s\n%s [ %s ]\n%s",
get_class($e), $e->getCode(), strip_tags($e->getMessage()),
$e->getFile(), $e->getLine(),
$e->getTraceAsString());
}
public static function handle(Exception $e) {
if ($e instanceof ORM_Validation_Exception) {
Kohana_Log::add("error", "Validation errors: " . print_r($e->validation->errors(), 1));
}
try {
$user = identity::active_user();
$try_themed_view = $user && !$user->admin;
} catch (Exception $e2) {
$try_themed_view = false;
}
if ($try_themed_view) {
try {
return self::_show_themed_error_page($e);
} catch (Exception $e3) {
Kohana_Log::add("error", "Exception in exception handling code: " . self::text($e3));
return parent::handle($e);
}
} else {
return parent::handle($e);
}
}
/**
* Shows a themed error page.
* @see Kohana_Exception::handle
*/
private static function _show_themed_error_page(Exception $e) {
// Create a text version of the exception
$error = Kohana_Exception::text($e);
// Add this exception to the log
Kohana_Log::add('error', $error);
// Manually save logs after exceptions
Kohana_Log::save();
if (!headers_sent()) {
if ($e instanceof Kohana_Exception) {
$e->sendHeaders();
} else {
header("HTTP/1.1 500 Internal Server Error");
}
}
$view = new Theme_View("page.html", "other", "error");
if ($e instanceof Kohana_404_Exception) {
$view->page_title = t("Dang... Page not found!");
$view->content = new View("error_404.html");
$user = identity::active_user();
$view->content->is_guest = $user && $user->guest;
if ($view->content->is_guest) {
$view->content->login_form = new View("login_ajax.html");
$view->content->login_form->form = auth::get_login_form("login/auth_html");
// Avoid anti-phishing protection by passing the url as session variable.
Session::instance()->set("continue_url", url::current(true));
}
} else {
$view->page_title = t("Dang... Something went wrong!");
$view->content = new View("error.html");
}
print $view;
}
/**
* @see Kohana_Exception::dump()
*/
public static function dump($value, $length=128, $max_level=5) {
return self::safe_dump($value, null, $length, $max_level);
}
/**
* A safer version of dump(), eliding sensitive information in the dumped
* data, such as session ids and passwords / hashes.
*/
public static function safe_dump($value, $key, $length=128, $max_level=5) {
return parent::dump(self::_sanitize_for_dump($value, $key), $length, $max_level);
}
/**
* Elides sensitive data which shouldn't be echoed to the client,
* such as passwords, and other secrets.
*/
/* Visible for testing*/ static function _sanitize_for_dump($value, $key=null) {
// Better elide too much than letting something through.
// Note: unanchored match is intended.
$sensitive_info_pattern =
'/(password|pass|email|hash|private_key|session_id|session|g3sid|csrf|secret)/i';
if (preg_match($sensitive_info_pattern, $key) ||
(is_string($value) && preg_match('/[a-f0-9]{20,}/i', $value))) {
return 'removed for display';
} else if (is_object($value)) {
if ($value instanceof Database) {
// Elide database password, host, name, user, etc.
return get_class($value) . ' object - details omitted for display';
} else if ($value instanceof User_Model) {
return get_class($value) . ' object for "' . $value->name . '" - details omitted for display';
}
return self::_sanitize_for_dump((array) $value, $key);
} else if (is_array($value)) {
$result = array();
foreach ($value as $k => $v) {
$actual_key = $k;
$key_for_display = $k;
if ($k[0] === "\x00") {
// Remove the access level from the variable name
$actual_key = substr($k, strrpos($k, "\x00") + 1);
$access = $k[1] === '*' ? 'protected' : 'private';
$key_for_display = "$access: $actual_key";
}
if (is_object($v)) {
$key_for_display .= ' (type: ' . get_class($v) . ')';
}
$result[$key_for_display] = self::_sanitize_for_dump($v, $actual_key);
}
} else {
$result = $value;
}
return $result;
}
}
|
