diff --git a/library/Icinga/Web/Form/Validator/TokenValidator.php b/library/Icinga/Web/Form/Validator/TokenValidator.php
index e55369fd6..3f80981ba 100644
--- a/library/Icinga/Web/Form/Validator/TokenValidator.php
+++ b/library/Icinga/Web/Form/Validator/TokenValidator.php
@@ -4,7 +4,9 @@
 namespace Icinga\Web\Form\Validator;
+use Exception;
 use Zend_Validate_Abstract;
+use Icinga\Util\File;
 /**
 * Validator that checks if a token matches with the contents of a corresponding token-file
@@ -27,10 +29,20 @@ class TokenValidator extends Zend_Validate_Abstract
 {
 $this->tokenPath = $tokenPath;
 $this->_messageTemplates = array(
- 'TOKEN_FILE_NOT_FOUND' => t('Cannot validate token, file could not be opened or does not exist.'),
- 'TOKEN_FILE_EMPTY' => t('Cannot validate token, file is empty. Please define a token.'),
- 'TOKEN_FILE_PUBLIC' => t('Cannot validate token, file is publicly readable.'),
- 'TOKEN_INVALID' => t('Invalid token supplied.')
+ 'TOKEN_FILE_ERROR' => sprintf(
+ t('Cannot validate token: %s (%s)'),
+ $tokenPath,
+ '%value%'
+ ),
+ 'TOKEN_FILE_EMPTY' => sprintf(
+ t('Cannot validate token, file "%s" is empty. Please define a token.'),
+ $tokenPath
+ ),
+ 'TOKEN_FILE_PUBLIC' => sprintf(
+ t('Cannot validate token, file "%s" must only be accessible by the webserver\'s user.'),
+ $tokenPath
+ ),
+ 'TOKEN_INVALID' => t('Invalid token supplied.')
 );
 }
@@ -50,13 +62,15 @@ class TokenValidator extends Zend_Validate_Abstract
 return false;
 }
- $expectedToken = @file_get_contents($this->tokenPath);
- if ($expectedToken === false) {
- $this->_error('TOKEN_FILE_NOT_FOUND');
+ try {
+ $file = new File($this->tokenPath);
+ $expectedToken = trim($file->fgets());
+ } catch (Exception $e) {
+ $msg = $e->getMessage();
+ $this->_error('TOKEN_FILE_ERROR', substr($msg, strpos($msg, ']: ') + 3));
 return false;
 }
- $expectedToken = trim($expectedToken);
 if (empty($expectedToken)) {
 $this->_error('TOKEN_FILE_EMPTY');
 return false;
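Review bot: The new TOKEN_FILE_ERROR, TOKEN_FILE_EMPTY and TOKEN_FILE_PUBLIC templates embed `$tokenPath`, and TOKEN_FILE_ERROR additionally carries exception text through `%value%`, in messages that are shown to whoever submitted the form. Because this validator is the step that checks the token, that client has presumably not been verified yet, so the absolute token-file path and filesystem error detail are disclosed before any proof of access. If that is not intended, keep the user-facing text generic, e.g. `'TOKEN_FILE_ERROR' => t('Cannot validate token, the token file could not be read.'),`, and record the path and exception detail in the server log instead. If it is intended (an operator is expected to see the path), a short comment above the array saying so would save the next reviewer the question. The constructor starts outside this hunk.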
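Review bot: In the new catch block, `strpos($msg, ']: ')` returns `false` when the exception message does not contain that marker, and `false + 3` evaluates to 3, so `substr()` silently drops the first three characters of the message. The slicing also ties the output to one particular warning-text format while `catch (Exception $e)` accepts any exception. Guard the offset with `$pos = strpos($msg, ']: ');` and `$this->_error('TOKEN_FILE_ERROR', $pos === false ? $msg : substr($msg, $pos + 3));`. Separately, `$file->fgets()` presumably reads only the first line where `file_get_contents()` read the whole file, so a token file with a leading blank line would now be reported as TOKEN_FILE_EMPTY; a comment stating that only the first line is considered would help. The method begins and ends outside this hunk.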
@@ -68,4 +82,3 @@ class TokenValidator extends Zend_Validate_Abstract
 return true;
 }
 }
-