@mattab opened this Pull Request on January 4th 2018 Owner

This will fix the issue where a particularly crafted request will result in displaying stack traces.

Follows up https://github.com/piwik/piwik/pull/12357

Example request on Demo: https://demo.piwik.org/?module=API&method=VisitsSummary.getVisits&idSite=1&period=day&date=last10&format=xmls&token_auth=XYZANONYMIZED

which outputs file paths:

Piwik encoutered an error: Uncaught Exception: Renderer format 'xmls' not valid. Try any of the following instead: console, csv, html, json2, json, original, php, rss, tsv, xml. in /home/piwik-demo/storage/www/demo.piwik.org/core/API/ApiRenderer.php:134
Stack trace:
#0 /home/piwik-demo/storage/www/demo.piwik.org/core/API/ResponseBuilder.php(40): Piwik\API\ApiRenderer::factory('xmls', Array)
#1 /home/piwik-demo/storage/www/demo.piwik.org/core/ExceptionHandler.php(89): Piwik\API\ResponseBuilder->__construct('xmls')
#2 /home/piwik-demo/storage/www/demo.piwik.org/core/ExceptionHandler.php(70): Piwik\ExceptionHandler::getErrorResponse(Object(Exception))
#3 /home/piwik-demo/storage/www/demo.piwik.org/core/ExceptionHandler.php(36): Piwik\ExceptionHandler::dieWithHtmlErrorPage(Object(Exception))
#4 [internal function]: Piwik\ExceptionHandler::handleException(Object(Exception))
#5 {main}
  thrown (which lead to: Renderer format 'xmls' not valid. Try any of the following instead: console, csv, html, json2, json, original, php, rss, tsv, xml.)

After the fix the output is simply:

Renderer format 'xmls' not valid. Try any of the following instead: console, csv, html, json2, json, original, php, rss, tsv, xml.
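
The trace above shows the exception handler itself throwing while it builds the error response in the requested format. One way to guard against that, as an added example (not Piwik's code and not the change made in this pull request); `RENDERERS`, `renderError` and `errorResponse` are hypothetical names:

```php
<?php
// Added illustration. All names here are hypothetical, not Piwik's API.
const RENDERERS = ['json', 'xml', 'html'];

// Stand-in for a renderer factory: rejects unknown formats by throwing.
function renderError(string $format, string $message): string
{
    if (!in_array($format, RENDERERS, true)) {
        throw new InvalidArgumentException(
            "Renderer format '$format' not valid. Try any of the following instead: "
            . implode(', ', RENDERERS) . '.'
        );
    }
    switch ($format) {
        case 'json':
            return (string) json_encode(['result' => 'error', 'message' => $message]);
        case 'xml':
            return '<result><error message="'
                . htmlspecialchars($message, ENT_QUOTES | ENT_XML1) . '" /></result>';
        default:
            return htmlspecialchars($message, ENT_QUOTES);
    }
}

// Builds the client-facing error body without letting a second exception escape.
function errorResponse(Throwable $e, string $requestedFormat): string
{
    try {
        return renderError($requestedFormat, $e->getMessage());
    } catch (Throwable $nested) {
        // If this were uncaught, PHP's own fatal-error output (file paths and
        // stack trace) could reach the client when display_errors is on.
        // File and line stay in the server log only.
        error_log(get_class($nested) . ' in ' . $nested->getFile() . ':' . $nested->getLine());
        // The message echoes the user-supplied format, so escape it.
        return htmlspecialchars($nested->getMessage(), ENT_QUOTES);
    }
}

set_exception_handler(function (Throwable $e) {
    http_response_code(500);
    $format = $_GET['format'] ?? 'xml';
    echo errorResponse($e, is_string($format) ? $format : 'xml');
});

// Constructed demonstration: a valid format, then the 'xmls' case from the page.
echo errorResponse(new Exception('Something failed'), 'xml'), PHP_EOL;
echo errorResponse(new Exception('Something failed'), 'xmls'), PHP_EOL;
```
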
@tsteur commented on January 6th 2018 Owner

What about adding a test @mattab ?

This Pull Request was closed on January 5th 2018