Return HTTP 403 in case a SecurityException was thrown

2015-01-30 09:31:05 +01:00 · 2015-01-30 09:31:05 +01:00 · d42017018f
parent 375345f837
commit d42017018f
1 changed files with 10 additions and 6 deletions
--- a/application/controllers/ErrorController.php
+++ b/application/controllers/ErrorController.php
@ -1,12 +1,9 @@
 <?php
-// {{{ICINGA_LICENSE_HEADER}}}
-// {{{ICINGA_LICENSE_HEADER}}}

-// namespace Icinga\Application\Controllers;
-
-use Icinga\Application\Logger;
-use Icinga\Web\Controller\ActionController;
 use Icinga\Application\Icinga;
+use Icinga\Application\Logger;
+use Icinga\Security\SecurityException;
+use Icinga\Web\Controller\ActionController;

 /**
 * Application wide controller for displaying exceptions
@ -44,6 +41,13 @@ class ErrorController extends ActionController
                }

                break;
+            case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_OTHER:
+                if ($exception instanceof SecurityException) {
+                    $this->getResponse()->setHttpResponseCode(403);
+                    $this->view->message = $exception->getMessage();
+                    break;
+                }
+                // Move to default
            default:
                $title = preg_replace('/\r?\n.*$/s', '', $exception->getMessage());
                $this->getResponse()->setHttpResponseCode(500);