[Pkg-owncloud-commits] [owncloud] 41/78: do not disclose information, show generic error on login page

David Prévot taffit at moszumanska.debian.org
Sun May 31 01:59:07 UTC 2015


This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository owncloud.

commit 24037218dda7b802c23a37e09e6e40259a458fb2
Author: Jörn Friedrich Dreyer <jfd at butonic.de>
Date:   Tue Mar 31 14:56:02 2015 +0200

    do not disclose information, show generic error on login page
---
 core/templates/login.php |  6 ++++++
 lib/base.php             | 24 +++++++++++++++---------
 2 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/core/templates/login.php b/core/templates/login.php
index 819010c..8cf2240 100644
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -12,6 +12,12 @@
 				<small><?php p($l->t('Please contact your administrator.')); ?></small>
 			</div>
 		<?php endif; ?>
+		<?php if (isset($_['internalexception']) && ($_['internalexception'])): ?>
+			<div class="warning">
+				<?php p($l->t('An internal error occured.')); ?><br>
+				<small><?php p($l->t('Please try again or contact your administrator.')); ?></small>
+			</div>
+		<?php endif; ?>
 		<p id="message" class="hidden">
 			<img class="float-spinner" src="<?php p(\OCP\Util::imagePath('core', 'loading-dark.gif'));?>"/>
 			<span id="messageText"></span>
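Review bot: The new translatable string `'An internal error occured.'` misspells "occurred". Because the text is passed to `$l->t()`, it also serves as the source string translations are matched against, so correcting it after translators have picked it up is more costly than correcting it now: `<?php p($l->t('An internal error occurred.')); ?><br>`. The block otherwise prints only fixed strings and nothing taken from the exception, which matches the stated goal of the commit.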
diff --git a/lib/base.php b/lib/base.php
index 495d753..e74d924 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -829,15 +829,21 @@ class OC {
 		OC_App::loadApps(array('prelogin'));
 		$error = array();
 
-		// auth possible via apache module?
-		if (OC::tryApacheAuth()) {
-			$error[] = 'apacheauthfailed';
-		} // remember was checked after last login
-		elseif (OC::tryRememberLogin()) {
-			$error[] = 'invalidcookie';
-		} // logon via web form
-		elseif (OC::tryFormLogin()) {
-			$error[] = 'invalidpassword';
+		try {
+			// auth possible via apache module?
+			if (OC::tryApacheAuth()) {
+				$error[] = 'apacheauthfailed';
+			} // remember was checked after last login
+			elseif (OC::tryRememberLogin()) {
+				$error[] = 'invalidcookie';
+			} // logon via web form
+			elseif (OC::tryFormLogin()) {
+				$error[] = 'invalidpassword';
+			}
+		} catch (\Exception $ex) {
+			\OCP\Util::logException('handleLogin', $ex);
+			// do not disclose information. show generic error
+			$error[] = 'internalexception';
 		}
 
 		OC_Util::displayLoginPage(array_unique($error));
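Review bot: The `catch (\Exception $ex)` block passes the whole exception to `\OCP\Util::logException('handleLogin', $ex)`, and an exception raised underneath `tryFormLogin()` may carry the submitted credentials as call arguments in its stack trace. Whether those arguments reach the log depends on how `logException` formats the trace, which is not visible in this hunk, so this should be confirmed. I would record the requirement at the call site, e.g. `// the logged trace must not contain login arguments (password, token)`. Since every exception from the three auth paths now collapses into `'internalexception'`, the log entry is the only place left to tell a backend outage from a programming error, so it should stay informative while excluding secrets. The enclosing method starts and ends outside the hunk.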

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git


