From 55c72617c6a582f25f3769872ad09d0494049a5f Mon Sep 17 00:00:00 2001
From: Bernhard Posselt
Date: Mon, 25 Feb 2013 18:37:05 +0100
Subject: [PATCH 1/4] set http 500 when session could not be started to prevent serving of empty files see #1049
---
 lib/base.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/base.php b/lib/base.php
index b5439c00ab..16aa7bff30 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -320,8 +320,11 @@ class OC {
 // set the session name to the instance id - which is unique
 session_name(OC_Util::getInstanceId());
- // (re)-initialize session
- session_start();
+ // if session cant be started break with http 500 error
+ if (session_start() === false){
+ header('HTTP/1.1 500 Internal Server Error');
+ exit(1);
+ }
 // regenerate session id periodically to avoid session fixation
 if (!isset($_SESSION['SID_CREATED'])) {
From bc2fefed59f2d3f662e34332065a3ba02cccdd6f Mon Sep 17 00:00:00 2001
From: Bernhard Posselt
Date: Mon, 25 Feb 2013 18:42:09 +0100
Subject: [PATCH 2/4] write an error log when session could not be initialized
---
 lib/base.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/base.php b/lib/base.php
index 16aa7bff30..3ca2daccd2 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -322,6 +322,8 @@ class OC {
 // if session cant be started break with http 500 error
 if (session_start() === false){
+ OC_Log::write('core', 'Session could not be initialized',
+ OC_Log::ERROR);
 header('HTTP/1.1 500 Internal Server Error');
 exit(1);
 }
From aba60dba287cefdc6fbdcc14437af1d4ab6a12bc Mon Sep 17 00:00:00 2001
From: Bernhard Posselt
Date: Mon, 25 Feb 2013 18:47:34 +0100
Subject: [PATCH 3/4] added simple error message for the browser
---
 lib/base.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/base.php b/lib/base.php
index 3ca2daccd2..156edebc13 100644
--- a/lib/base.php
+++ b/lib/base.php
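Review bot: In the `@@ -320,8 +320,11 @@` hunk of patch 1/4, the added `header('HTTP/1.1 500 Internal Server Error');` has no effect once output has started, which is the case when session_start() prints its own warning because display_errors is on and no output buffer is active. The client would then receive a 200 carrying the warning text, which may include the session save path; whether display_errors is enabled is a deployment setting not visible here. I would guard the call with `if (!headers_sent()) { header('HTTP/1.1 500 Internal Server Error'); }` and add the comment `// failure detail goes to the log only, never to the response`. The enclosing method starts and ends outside the hunk.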
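Review bot: The log entry added in the `@@ -322,6 +322,8 @@` hunk of patch 2/4 records only the fixed string 'Session could not be initialized', so an operator reading the log cannot tell an unwritable save path from a full disk or a failing session handler. Capturing the PHP error at that point with `$last = error_get_last();` and appending `($last ? ': ' . $last['message'] : '')` to the logged message keeps the cause on the server side while the response stays generic. This assumes OC_Log is already usable this early in initialization, which the hunk does not show.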
@@ -324,6 +324,8 @@ class OC {
 if (session_start() === false){
 OC_Log::write('core', 'Session could not be initialized',
 OC_Log::ERROR);
+ echo 'Session could not be initialized. Please contact your system';
+ echo ' administrator';
 header('HTTP/1.1 500 Internal Server Error');
 exit(1);
 }
From 7f7b8bc07aedf9da93eecc8163cb9c98a4821eb0 Mon Sep 17 00:00:00 2001
From: Bernhard Posselt
Date: Mon, 25 Feb 2013 19:17:29 +0100
Subject: [PATCH 4/4] use error template
---
 lib/base.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/lib/base.php b/lib/base.php
index 156edebc13..f9bb1bb11b 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -324,10 +324,16 @@ class OC {
 if (session_start() === false){
 OC_Log::write('core', 'Session could not be initialized',
 OC_Log::ERROR);
- echo 'Session could not be initialized. Please contact your system';
- echo ' administrator';
+
 header('HTTP/1.1 500 Internal Server Error');
- exit(1);
+ $error = 'Session could not be initialized. Please contact your ';
+ $error .= 'system administrator';
+ $tmpl = new OC_Template('', 'error', 'guest');
+ $tmpl->assign('errors', array(1 => array('error' => $error)));
+ $tmpl->printPage();
+ exit();
 }
 // regenerate session id periodically to avoid session fixation
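Review bot: The two `echo` lines added in the `@@ -324,6 +324,8 @@` hunk of patch 3/4 run before `header('HTTP/1.1 500 Internal Server Error');`, so unless output buffering is active the response headers go out with a 200 status and the header() call fails with a "headers already sent" warning. That brings back the 200 response that patch 1/4 set out to prevent. The status line has to be sent first, i.e. `header('HTTP/1.1 500 Internal Server Error');` followed by the `echo` statements. Patch 4/4 later in the series restores that order, but this commit on its own is affected.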
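Review bot: The error page in the `@@ -324,10 +324,16 @@` hunk of patch 4/4 is rendered through `new OC_Template('', 'error', 'guest')` in a branch that is reached only when no session exists, and the hunk does not show whether the template or the guest layout reads `$_SESSION` (for a request token or the current user, for example). If it does, the failure path could itself raise notices or abort after the 500 header and leave the client with a partial page. A comment such as `// the error template must not depend on an initialized session` above the `$tmpl` line, backed by a check in OC_Template, would document the constraint. The enclosing method starts and ends outside the hunk.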