Bug 36148: Improve error handling and restore programming errors
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This commit is contained in:
parent
3e90c5517e
commit
462d170c8e
7 changed files with 30 additions and 26 deletions
|
@ -640,8 +640,8 @@ sub get_template_and_user {
|
|||
$template->param( logged_in_user => $patron );
|
||||
$template->param( sessionID => $sessionID );
|
||||
|
||||
if ( $ENV{KOHA_ERROR} ) {
|
||||
C4::Output::output_and_exit( $in->{query}, $cookie, $template, $ENV{KOHA_ERROR} );
|
||||
if ( $ENV{'plack.middleware.Koha.CSRF'} ) {
|
||||
C4::Output::output_and_exit( $in->{query}, $cookie, $template, $ENV{'plack.middleware.Koha.CSRF'} );
|
||||
}
|
||||
|
||||
return ( $template, $borrowernumber, $cookie, $flags );
|
||||
|
|
|
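Review bot: get_template_and_user now hands the raw `$ENV{'plack.middleware.Koha.CSRF'}` string to output_and_exit as the blocking-error key, which makes the exact middleware string part of the template contract (blocking_errors.inc switches on `CASE 'wrong_csrf_token'` and everything else falls into the generic branch); that coupling deserves a comment on the `if`, e.g. `# Set by Koha::Middleware::CSRF: either 'wrong_csrf_token' or a free-form programming-error message; the templates switch on the literal value`. The old `$ENV{KOHA_ERROR}` hook is removed outright, so any other code that still sets KOHA_ERROR would now be silently ignored — worth a grep before merge. The branch also relies on the PSGI env entry being mirrored into `%ENV`, which appears to hold under Koha's Plack setup but leaves the check inert under plain CGI. get_template_and_user continues on both sides of the hunk.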
@ -76,8 +76,8 @@ sub call {
|
|||
|
||||
#NOTE: Other Middleware will take care of logging to correct place, as Koha::Logger doesn't know where to go here
|
||||
warn $error;
|
||||
$env->{'plack.middleware.Koha.CSRF'} = "BAD_CSRF";
|
||||
my $res = Plack::Response->new( 403, [ 'Content-Type' => 'text/plain' ], ["Bad CSRF"] );
|
||||
$env->{'plack.middleware.Koha.CSRF'} = $error;
|
||||
my $res = Plack::Response->new( 403, [ 'Content-Type' => 'text/plain' ], ["Wrong CSRF token"] );
|
||||
return $res->finalize;
|
||||
}
|
||||
|
||||
|
|
|
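Review bot: `warn $error` writes the middleware's error text to the server log unmodified, and the same `$error` is now stored in `$env` for rendering; `$error` is built above the hunk, so if it ever interpolates request data (an `op` value, a form field) the log line carries attacker-chosen text, including embedded newlines — normalising it first, `( my $logged = $error ) =~ s/[\r\n]+/ /g; warn $logged;`, keeps log lines intact, while the templates' `| html` filter already covers the rendering side. Separately, the plain-text response body stays the fixed `"Wrong CSRF token"` even when `$error` is a programming error per the commit title, so a client that sees this body rather than the error page is told the wrong cause; a neutral `"Forbidden"` would avoid that. The enclosing `call` method starts and ends outside the hunk.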
@ -36,11 +36,9 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
|
|||
$template->param (
|
||||
admin => $admin,
|
||||
errno => 403,
|
||||
csrf_error => $ENV{'plack.middleware.Koha.CSRF'},
|
||||
);
|
||||
my $csrf_error = $ENV{'plack.middleware.Koha.CSRF'};
|
||||
if ($csrf_error) {
|
||||
$template->param( 'csrf_error' => 1 );
|
||||
}
|
||||
|
||||
my $status = '403 Forbidden';
|
||||
if ( C4::Context->is_internal_PSGI_request() ) {
|
||||
$status = '200 OK';
|
||||
|
|
|
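Review bot: Passing `csrf_error => $ENV{'plack.middleware.Koha.CSRF'}` straight through changes the template variable from the old boolean `1` to the raw middleware string, and the templates now compare it against the literal `'wrong_csrf_token'`; a comment at the param call should name that contract, e.g. `# csrf_error is the raw value set by Koha::Middleware::CSRF ('wrong_csrf_token' or a programming-error message); 403.tt switches on it`. The same change, with the same missing comment, is in the second copy of this hunk further down the page (the other errors/403.pl). When the script is reached by a direct request rather than an internal PSGI subrequest the variable is presumably undef; the templates treat undef as false, so that path should degrade safely, but it is not visible here.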
@ -18,14 +18,15 @@
|
|||
[% CASE 'order_cannot_be_edited' %]
|
||||
<div class="dialog message">This order cannot be edited, the basket is closed or the order was already received.</div>
|
||||
[% CASE 'wrong_csrf_token' %]
|
||||
<div class="dialog message">The form submission failed (Wrong CSRF token). Try to come back, refresh the page, then try again.</div>
|
||||
<div class="dialog alert">The form submission failed (Wrong CSRF token). Try to come back, refresh the page, then try again.</div>
|
||||
[% CASE 'budget_is_locked' %]
|
||||
<div class="dialog message">The budget is locked, fund creation is not possible.</div>
|
||||
[% CASE 'missing_es_modules' %]
|
||||
<div class="dialog message">Necessary Elasticsearch packages are not installed on your server. Please contact your server admin if you wish to configure Elasticsearch</div>
|
||||
[% CASE 'insufficient_permission' %]
|
||||
<div class="dialog message">You do not have sufficient permission to continue.</div>
|
||||
[% CASE %][% blocking_error | html %]
|
||||
[% CASE %]
|
||||
<div class="dialog alert">[% blocking_error | html %]</div>
|
||||
[% END %]
|
||||
|
||||
[% INCLUDE 'intranet-bottom.inc' %]
|
||||
|
|
|
@ -30,16 +30,17 @@
|
|||
|
||||
<h1>An error has occurred!</h1>
|
||||
<h2><em>[% tx("Error {error_number}", {error_number = errno }) | html %]</em></h2>
|
||||
<h3>This message may have been caused by any of the following reasons:</h3>
|
||||
<ul style="padding-bottom: 0.5em;">
|
||||
<li>You made use of an external link to an item that is no longer available</li>
|
||||
<li>You followed an outdated link e.g. from a search engine or a bookmark</li>
|
||||
<li>You tried to access a page that needs authentication</li>
|
||||
<li>An internal link in the client is broken and the page does not exist</li>
|
||||
[% IF ( csrf_error ) %]
|
||||
<li>A missing CSRF token</li>
|
||||
[% END %]
|
||||
</ul>
|
||||
[% IF ( csrf_error ) %]
|
||||
[% INCLUDE 'blocking_errors.inc' blocking_error => csrf_error %]
|
||||
[% ELSE %]
|
||||
<h3>This message may have been caused by any of the following reasons:</h3>
|
||||
<ul style="padding-bottom: 0.5em;">
|
||||
<li>You made use of an external link to an item that is no longer available</li>
|
||||
<li>You followed an outdated link e.g. from a search engine or a bookmark</li>
|
||||
<li>You tried to access a page that needs authentication</li>
|
||||
<li>An internal link in the client is broken and the page does not exist</li>
|
||||
</ul>
|
||||
[% END %]
|
||||
<h3>What's next?</h3>
|
||||
<ul style="margin-bottom: 1em; padding-bottom: 1em; border-bottom: 1px solid #CCC;">
|
||||
<li>Use top menu bar to navigate to another part of Koha.</li>
|
||||
|
|
|
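Review bot: The staff 403 page now renders whatever `csrf_error` holds through `blocking_errors.inc`, whose default branch prints the value verbatim (HTML-escaped), whereas the OPAC template in this same commit deliberately replaces non-`wrong_csrf_token` values with a generic sentence. If showing internal programming-error text to staff users is intentional, say so in the template, e.g. `[%# Programming errors are shown verbatim in the staff interface to help diagnose the faulty form %]`; otherwise apply the same `IF csrf_error == 'wrong_csrf_token'` guard here. The surrounding block structure continues outside the hunk.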
@ -47,9 +47,15 @@
|
|||
[% END %]
|
||||
|
||||
[% IF ( errno == 403 ) %]
|
||||
<li>You are forbidden to view this page.</li>
|
||||
[% IF ( csrf_error ) %]
|
||||
<li>A missing CSRF token</li>
|
||||
[% IF csrf_error == 'wrong_csrf_token' %]
|
||||
<li>The form submission failed (Wrong CSRF token). Try to come back, refresh the page, then try again.</li>
|
||||
[% ELSE %]
|
||||
[%# Programming errors, we do not want to display them at the OPAC %]
|
||||
<li>An unexpected error occurred while processing your requets.</li>
|
||||
[% END %]
|
||||
[% ELSE %]
|
||||
<li>You are forbidden to view this page.</li>
|
||||
[% END %]
|
||||
[% END %]
|
||||
|
||||
|
|
|
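Review bot: The new generic message has a typo, "requets": `<li>An unexpected error occurred while processing your request.</li>`. The `wrong_csrf_token` sentence is also duplicated verbatim from the staff `blocking_errors.inc`, so the two wordings will drift over time; if the OPAC has an equivalent include, reusing it as the staff 403 page does would keep them aligned. The `[% IF ( errno == 403 ) %]` block is fully inside the hunk; the outer blocks continue outside it.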
@ -36,11 +36,9 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
|
|||
$template->param (
|
||||
admin => $admin,
|
||||
errno => 403,
|
||||
csrf_error => $ENV{'plack.middleware.Koha.CSRF'},
|
||||
);
|
||||
my $csrf_error = $ENV{'plack.middleware.Koha.CSRF'};
|
||||
if ($csrf_error) {
|
||||
$template->param( 'csrf_error' => 1 );
|
||||
}
|
||||
|
||||
my $status = '403 Forbidden';
|
||||
if ( C4::Context->is_internal_PSGI_request() ) {
|
||||
$status = '200 OK';
|
||||
|
|