makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 20:38:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #68 from phpbb/ticket/security/275

Browse source 
[ticket/security/275] Gracefully handle exceptions thrown by wrong cron route
This commit is contained in:
Marc Alexander 2023-01-12 20:33:42 +01:00
commit 9feae900d3
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
2 changed files with 40 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
phpBB/cron.php
View file

@ -12,6 +12,9 @@
*/ */
use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Exception\ExceptionInterface;
use Symfony\Component\Routing\Exception\RouteNotFoundException;
/** /**
*/ */
@ -30,8 +33,38 @@ $get_params_array = $request->get_super_global(\phpbb\request\request_interface:
/** @var \phpbb\controller\helper $controller_helper */ /** @var \phpbb\controller\helper $controller_helper */
$controller_helper = $phpbb_container->get('controller.helper'); $controller_helper = $phpbb_container->get('controller.helper');
$cron_route = 'phpbb_cron_run';
try
{
$response = new RedirectResponse( $response = new RedirectResponse(
$controller_helper->route('phpbb_cron_run', $get_params_array, false), $controller_helper->route($cron_route, $get_params_array, false),
301 Response::HTTP_MOVED_PERMANENTLY
);
$response->send();
}
catch (RouteNotFoundException $exception)
{
$error = 'ROUTE_NOT_FOUND';
$error_parameters = $cron_route;
$error_code = Response::HTTP_NOT_FOUND;
}
catch (ExceptionInterface $exception)
{
$error = 'ROUTE_INVALID_MISSING_PARAMS';
$error_parameters = $cron_route;
$error_code = Response::HTTP_BAD_REQUEST;
}
catch (Throwable $exception)
{
$error = $exception->getMessage();
$error_parameters = [];
$error_code = Response::HTTP_INTERNAL_SERVER_ERROR;
}
$language = $phpbb_container->get('language');
$response = new Response(
$language->lang($error, $error_parameters),
$error_code
); );
$response->send(); $response->send();

4
phpBB/language/en/common.php
View file

@ -678,6 +678,10 @@ $lang = array_merge($lang, array(
'RETURN_TOPIC' => '%sReturn to the topic last visited%s', 'RETURN_TOPIC' => '%sReturn to the topic last visited%s',
'RETURN_TO' => 'Return to “%s”', 'RETURN_TO' => 'Return to “%s”',
'RETURN_TO_INDEX' => 'Return to Board Index', 'RETURN_TO_INDEX' => 'Return to Board Index',
'ROUTE_NOT_FOUND' => 'The requested route “%s” could not be found.',
'ROUTE_INVALID_MISSING_PARAMS' => 'Invalid or missing parameters passed for route “%s”.',
'FEED' => 'Feed', 'FEED' => 'Feed',
'FEED_NEWS' => 'News', 'FEED_NEWS' => 'News',
'FEED_TOPICS_ACTIVE' => 'Active Topics', 'FEED_TOPICS_ACTIVE' => 'Active Topics',