Project

General

Profile

Bug #10136

WebRenderer::serveError leaks error details to end user

Added by Roel Standaert 12 months ago. Updated 9 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Roel Standaert
Target version:
4.8.0
Start date:
04/08/2022
Due date:
% Done:

100%

Estimated time:

Description

serveError is used in several places where an unexpected exception is caught. The what() of this exception is then sent to the user.

We should not do this, at least not by default. Maybe we could allow the developer to turn it on for development, but normally the user should not get more information than "something went wrong", otherwise a malicious actor may be able to gain valuable information.

#1

Updated by Roel Standaert 9 months ago

  • Status changed from New to InProgress
  • Assignee set to Roel Standaert
#2

Updated by Roel Standaert 9 months ago

  • Status changed from InProgress to Review
  • Assignee deleted (Roel Standaert)
#3

Updated by Roel Standaert 9 months ago

  • Status changed from Review to Implemented @Emweb
#4

Updated by Roel Standaert 9 months ago

  • % Done changed from 0 to 100
#5

Updated by Roel Standaert 9 months ago

  • Status changed from Implemented @Emweb to Resolved
#6

Updated by Roel Standaert 9 months ago

  • Assignee set to Roel Standaert
#7

Updated by Roel Standaert 9 months ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF