Commit 04ca482c authored by Carsten  Rose's avatar Carsten Rose

Problem was a second exception. Prevent throwing 'invalid sip' a second time...

Problem was a second exception. Prevent throwing 'invalid sip' a second time; the IP/feUser will already be shown in the first exception handling.
parent c594691e
Pipeline #7090 passed with stage
in 1 minute and 49 seconds
......@@ -335,6 +335,8 @@ class Sip {
*/
public function getVarsFromSip($s) {
static $exceptionAlreadyThrown = false;
# Check if parameter is manipulated
if (strlen($s) != SIP_TOKEN_LENGTH) {
Config::attackDetectedExitNow(array(), 'Invalid SIP token length: ' . strlen($s) . " _GET['s']=" . htmlentities($s));
......@@ -345,17 +347,15 @@ class Sip {
# Check if index 's' exists.
$sessionVar = Session::get($s);
$sessionVarFeUser = Session::get(SESSION_FE_USER);
$ip = $_SERVER[CLIENT_REMOTE_ADDRESS];
// if given set fe-user to show in form exception
if(isset($sessionVarFeUser) && $sessionVarFeUser != '' ){
$feUserMessage = " | FE-User: $sessionVarFeUser";
}else{
$feUserMessage = '';
}
if ($sessionVar === false) {
throw new \UserFormException("SIP '$s' not registered - please reload the previous site and try again. IP:$ip $feUserMessage", ERROR_SIP_NOT_FOUND);
if ($exceptionAlreadyThrown) {
// There is already an exception throw for Store SIP: just return an empty array and do not throw a new exception.
return array();
}
$exceptionAlreadyThrown = true;
throw new \UserFormException("SIP '$s' not registered - please reload the previous site and try again.", ERROR_SIP_NOT_FOUND);
}
// Decode parameter
......
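Review bot: The `static $exceptionAlreadyThrown` flag in `getVarsFromSip()` is scoped to the whole request, not to the token, so after one failed lookup every later call with any unregistered `$s` returns `array()` instead of raising `ERROR_SIP_NOT_FOUND`. A caller outside this hunk then cannot tell an unregistered SIP from a registered one that carries no variables, which weakens the check if any caller relies on the exception to stop processing; that depends on code not shown here. Scoping the suppression to the token already reported keeps the fix narrow, e.g. `static $reported = array();` with `if (isset($reported[$s])) { return array(); }` and `$reported[$s] = true;` before the throw, and the docblock should state that an empty array can mean "SIP not registered". The new message still interpolates `$s` unescaped, while the length check above wraps the same value in `htmlentities()`; if the exception text is ever rendered as HTML, the same escaping belongs here. The function body continues past the end of the hunk.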