mirror of https://github.com/Icinga/icinga2.git
Merge pull request #7528 from Icinga/bugfix/api-put-error-handling
API: Handle permission exceptions soon enough, returning 404
commit
38080405df
|
@ -98,11 +98,22 @@ void HttpHandler::ProcessRequest(
|
|||
}
|
||||
|
||||
bool processed = false;
|
||||
for (const HttpHandler::Ptr& handler : handlers) {
|
||||
if (handler->HandleRequest(stream, user, request, url, response, params, yc, server)) {
|
||||
processed = true;
|
||||
break;
|
||||
|
||||
/*
|
||||
* HandleRequest may throw a permission exception.
|
||||
* DO NOT return a specific permission error. This
|
||||
* allows attackers to guess from words which objects
|
||||
* do exist.
|
||||
*/
|
||||
try {
|
||||
for (const HttpHandler::Ptr& handler : handlers) {
|
||||
if (handler->HandleRequest(stream, user, request, url, response, params, yc, server)) {
|
||||
processed = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
} catch (const std::exception&) {
|
||||
processed = false;
|
||||
}
|
||||
|
||||
if (!processed) {
|
||||
|
|
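Review bot: The new `catch (const std::exception&)` around the handler loop swallows every standard exception, not only the permission failure the comment describes. A handler bug or resource error is therefore also answered as "not processed" and leaves no server-side trace. Keeping the client response generic is the right call, but the reason should still be recorded in the daemon log so operators can tell denied requests and object-probing attempts apart from internal faults, for example `} catch (const std::exception& ex) {` followed by `Log(LogNotice, "HttpHandler") << "Request handler failed: " << DiagnosticInformation(ex);` (assuming the usual Icinga logging helpers are in scope here). If the permission check throws a dedicated exception type, catching only that type would let unrelated errors reach the existing error path. It is also worth confirming that no handler can write part of `response` before throwing, since the fallback response would then be built on top of it. `ProcessRequest` begins and ends outside this hunk, so the fallback branch itself is not visible.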