Project

General

Profile

Actions
Copy link

Bug #10136

closed

WebRenderer::serveError leaks error details to end user

Added by Roel Standaert over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Roel Standaert
Target version:
4.8.0
Start date:
04/08/2022
Due date:
% Done:

100%

Estimated time:

Description

serveError is used in several places where an unexpected exception is caught. The what() of this exception is then sent to the user.

We should not do this, at least not by default. Maybe we could allow the developer to turn it on for development, but normally the user should not get more information than "something went wrong", otherwise a malicious actor may be able to gain valuable information.

Actions
Copy link
 #1

Updated by Roel Standaert over 2 years ago

  • Status changed from New to InProgress
  • Assignee set to Roel Standaert
Actions
Copy link
 #2

Updated by Roel Standaert over 2 years ago

  • Status changed from InProgress to Review
  • Assignee deleted (Roel Standaert)
Actions
Copy link
 #3

Updated by Roel Standaert over 2 years ago

  • Status changed from Review to Implemented @Emweb
Actions
Copy link
 #4

Updated by Roel Standaert over 2 years ago

  • % Done changed from 0 to 100
Actions
Copy link
 #5

Updated by Roel Standaert over 2 years ago

  • Status changed from Implemented @Emweb to Resolved
Actions
Copy link
 #6

Updated by Roel Standaert over 2 years ago

  • Assignee set to Roel Standaert
Actions
Copy link
 #7

Updated by Roel Standaert over 2 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF