By not letting PHP render the stack trace, we prevent displaying sensitive information (such as the database credentials). Instead, we display a simple line with the exception message. In the console, the full exception can still be shown, as that is a tool only for forum admins anyway. Fixes #1421.
<?php
/*
* This file is part of Flarum.
*
* (c) Toby Zerner <toby.zerner@gmail.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Flarum\Http;
use Flarum\Foundation\SiteInterface;
use Throwable;
use Zend\Diactoros\Response;
use Zend\Diactoros\ServerRequest;
use Zend\Diactoros\ServerRequestFactory;
use Zend\HttpHandlerRunner\Emitter\SapiEmitter;
use Zend\HttpHandlerRunner\RequestHandlerRunner;
use Zend\Stratigility\Middleware\ErrorResponseGenerator;
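/**
 * HTTP entry point: boots the application for a site and runs it against
 * the request described by the PHP superglobals.
 */
class Server
{
    /**
     * Site whose application is booted by listen().
     *
     * @var SiteInterface
     */
    private $site;

    /**
     * @param SiteInterface $site
     */
    public function __construct(SiteInterface $site)
    {
        $this->site = $site;
    }

    /**
     * Boot the application, build the request from globals, and emit the
     * response through the SAPI emitter.
     *
     * If booting fails, the script is terminated inside safelyBootApp() and
     * nothing below runs.
     */
    public function listen()
    {
        $app = $this->safelyBootApp();

        // Fallback handed to the runner as its error-response callback. The
        // generator is built with its default arguments and is given a blank
        // request/response pair rather than anything derived from the
        // failing input.
        // NOTE(review): Stratigility's default is non-development mode, which
        // should keep the stack trace out of the body - confirm against the
        // installed version.
        $errorResponse = function (Throwable $e) {
            $generator = new ErrorResponseGenerator;

            return $generator($e, new ServerRequest, new Response);
        };

        $runner = new RequestHandlerRunner(
            $app->getRequestHandler(),
            new SapiEmitter,
            [ServerRequestFactory::class, 'fromGlobals'],
            $errorResponse
        );
        $runner->run();
    }

    /**
     * Try to boot Flarum, and prevent exceptions from exposing sensitive info.
     *
     * Any Throwable raised while booting is caught here so PHP never renders
     * it with its stack trace. The request ends with a 500 status and a
     * single plain-text line carrying the exception message.
     *
     * @return \Flarum\Foundation\AppInterface
     */
    private function safelyBootApp()
    {
        try {
            return $this->site->bootApp();
        } catch (Throwable $e) {
            // A bare exit() would answer "200 OK" with PHP's default content
            // type. Report the failure as a server error so caches and
            // monitoring do not treat it as a healthy page, and serve it as
            // plain text so the message is never interpreted as markup.
            if (! headers_sent()) {
                http_response_code(500);
                header('Content-Type: text/plain; charset=utf-8');
                header('X-Content-Type-Options: nosniff');
            }

            // NOTE(review): only the trace is suppressed; the message text is
            // still shown verbatim. If boot-time exceptions can embed
            // connection details in their message, prefer a generic line here
            // and keep the detail in the server log - confirm against bootApp().
            exit('Error booting Flarum: '.$e->getMessage());
        }
    }
}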