Bug #10136: WebRenderer::serveError leaks error details to end user - Wt - Redmine

Actions

Bug #10136

closed

WebRenderer::serveError leaks error details to end user

Added by Roel Standaert over 1 year ago. Updated about 1 year ago.

Status:

Closed

Priority:

Normal

Assignee:

Roel Standaert

Target version:

Start date:

04/08/2022

Due date:

% Done:

100%

Estimated time:

Description

serveError is used in several places where an unexpected exception is caught. The what() of this exception is then sent to the user.

We should not do this, at least not by default. Maybe we could allow the developer to turn it on for development, but normally the user should not get more information than "something went wrong", otherwise a malicious actor may be able to gain valuable information.

Actions

#1

Updated by Roel Standaert about 1 year ago

Status changed from New to InProgress
Assignee set to Roel Standaert

Actions

#2

Updated by Roel Standaert about 1 year ago

Status changed from InProgress to Review
Assignee deleted (~~Roel Standaert~~)

Actions

#3

Updated by Roel Standaert about 1 year ago

Status changed from Review to Implemented @Emweb

Actions

#4

Updated by Roel Standaert about 1 year ago

% Done changed from 0 to 100

Actions

#5

Updated by Roel Standaert about 1 year ago

Status changed from Implemented @Emweb to Resolved

Actions

#6

Updated by Roel Standaert about 1 year ago

Assignee set to Roel Standaert

Actions

#7

Updated by Roel Standaert about 1 year ago

Status changed from Resolved to Closed

Actions

Also available in: Atom PDF