From bb87f5d13e747bd3e837c2047c549231f8987201 Mon Sep 17 00:00:00 2001
From: Markus Klein <markus.klein@typo3.org>
Date: Sun, 29 Oct 2017 18:05:15 +0100
Subject: [PATCH] [BUGFIX] Validate page error handler result to report wrong
configuration
Resolves: #50186
Releases: master, 8.7
Change-Id: I082a2d48608d43856cd60076852a19aec8a21a7e
Reviewed-on: https://review.typo3.org/54494
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Henning Liebe <h.liebe@neusta.de>
Tested-by: Henning Liebe <h.liebe@neusta.de>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Susanne Moog <susanne.moog@typo3.org>
---
.../core/Classes/Utility/GeneralUtility.php | 2 +-
.../TypoScriptFrontendController.php | 18 +++++++++++++-----
2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/typo3/sysext/core/Classes/Utility/GeneralUtility.php b/typo3/sysext/core/Classes/Utility/GeneralUtility.php
index ee5a342404ee..49a69a0c9175 100644
--- a/typo3/sysext/core/Classes/Utility/GeneralUtility.php
+++ b/typo3/sysext/core/Classes/Utility/GeneralUtility.php
@@ -1808,7 +1808,7 @@ class GeneralUtility
$response = $requestFactory->request($url, 'GET', $configuration);
} catch (RequestException $exception) {
if (isset($report)) {
- $report['error'] = $exception->getHandlerContext()['errno'];
+ $report['error'] = $exception->getCode();
$report['message'] = $exception->getMessage();
$report['exception'] = $exception;
}
diff --git a/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php b/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php
index 5fdd29043964..2bd0d4067865 100644
--- a/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php
+++ b/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php
@@ -1901,7 +1901,7 @@ class TypoScriptFrontendController implements LoggerAwareInterface
/**
* Page unavailable handler. Acts a wrapper for the pageErrorHandler method.
*
- * @param mixed $code Which type of handling; If a true PHP-boolean or TRUE then a \TYPO3\CMS\Core\Messaging\ErrorpageMessage is outputted. If integer an error message with that number is shown. Otherwise the $code value is expected to be a "Location:" header value.
+ * @param mixed $code See ['FE']['pageUnavailable_handling'] for possible values
* @param string $header If set, this is passed directly to the PHP function, header()
* @param string $reason If set, error messages will also mention this as the reason for the page-not-found.
*/
@@ -1913,7 +1913,7 @@ class TypoScriptFrontendController implements LoggerAwareInterface
/**
* Page not found handler. Acts a wrapper for the pageErrorHandler method.
*
- * @param mixed $code Which type of handling; If a true PHP-boolean or TRUE then a \TYPO3\CMS\Core\Messaging\ErrorpageMessage is outputted. If integer an error message with that number is shown. Otherwise the $code value is expected to be a "Location:" header value.
+ * @param mixed $code See docs of ['FE']['pageNotFound_handling'] for possible values
* @param string $header If set, this is passed directly to the PHP function, header()
* @param string $reason If set, error messages will also mention this as the reason for the page-not-found.
*/
@@ -1926,7 +1926,7 @@ class TypoScriptFrontendController implements LoggerAwareInterface
* Generic error page handler.
* Exits.
*
- * @param mixed $code Which type of handling; If a true PHP-boolean or TRUE then a \TYPO3\CMS\Core\Messaging\ErrorpageMessage is outputted. If integer an error message with that number is shown. Otherwise the $code value is expected to be a "Location:" header value.
+ * @param mixed $code See docs of ['FE']['pageNotFound_handling'] and ['FE']['pageUnavailable_handling'] for all possible values
* @param string $header If set, this is passed directly to the PHP function, header()
* @param string $reason If set, error messages will also mention this as the reason for the page-not-found.
* @throws \RuntimeException
@@ -1954,7 +1954,11 @@ class TypoScriptFrontendController implements LoggerAwareInterface
'reasonText' => $reason,
'pageAccessFailureReasons' => $this->getPageAccessFailureReasons()
];
- echo GeneralUtility::callUserFunction($funcRef, $params, $this);
+ try {
+ echo GeneralUtility::callUserFunction($funcRef, $params, $this);
+ } catch (\Exception $e) {
+ throw new \RuntimeException('Error: 404 page by USER_FUNCTION "' . $funcRef . '" failed.', 1509296032, $e);
+ }
} elseif (GeneralUtility::isFirstPartOfStr($code, 'READFILE:')) {
$readFile = GeneralUtility::getFileAbsFileName(trim(substr($code, 9)));
if (@is_file($readFile)) {
@@ -2002,7 +2006,11 @@ class TypoScriptFrontendController implements LoggerAwareInterface
'User-agent: ' . GeneralUtility::getIndpEnv('HTTP_USER_AGENT'),
'Referer: ' . GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL')
];
- $res = GeneralUtility::getUrl($code, 1, $headerArr);
+ $report = [];
+ $res = GeneralUtility::getUrl($code, 1, $headerArr, $report);
+ if ((int)$report['error'] !== 0 && (int)$report['error'] !== 200) {
+ throw new \RuntimeException('Failed to fetch error page "' . $code . '", reason: ' . $report['message'], 1509296606);
+ }
// Header and content are separated by an empty line
list($header, $content) = explode(CRLF . CRLF, $res, 2);
$content .= CRLF;
--
GitLab