Validate content of reports made by clients.
authorFlorent Bruneau <florent.bruneau@polytechnique.org>
Fri, 1 Jun 2012 07:27:09 +0000 (09:27 +0200)
committerFlorent Bruneau <florent.bruneau@polytechnique.org>
Fri, 1 Jun 2012 07:29:26 +0000 (09:29 +0200)
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
modules/core.php

index d0168b2..af55a24 100644 (file)
@@ -225,7 +225,15 @@ class CoreModule extends PLModule
     function handler_register_error($page)
     {
         if (S::has_xsrf_token() && Post::has('error') && Post::has('url')) {
-            PlErrorReport::report("Client error on " . Post::s('url') . ":\n\n" . Post::s('error'));
+            $error = Post::s('error');
+            if (strlen($error) > 20000) {
+                exit;
+            }
+            $json = @json_decode($error, true, 3);
+            if (!is_array($json) || count($json) === 0) {
+                exit;
+            }
+            PlErrorReport::report("Client error on " . Post::s('url') . ":\n\n" . $error);
         }
         exit;
     }
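Review bot: `Post::s('url')` is still concatenated into the report with no length cap or content check, so the new limits on `error` can be sidestepped by sending the oversized or free-form text in `url` instead. The same treatment before the `PlErrorReport::report` call would close that gap, e.g. `$url = Post::s('url'); if (strlen($url) > 2048 || preg_match('/[\x00-\x1f]/', $url)) { exit; }` (the 2048 bound is illustrative, not taken from the project). Separately, the check only establishes that `error` decodes to a non-empty array within depth 3, while the raw string is what gets reported; passing `json_encode($json)` would make the stored text the normalised form that was actually validated. The `@` on `json_decode` looks harmless because a failed decode returns null and is caught by `is_array`, but a one-line comment saying so, such as `// decode failure yields null and is rejected below`, would make the intent explicit.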