ErrorNotifierBundle

Sometimes outputs email body to browser instead of sending it

Open psylosss opened this issue 8 years ago • 8 comments

In the prod env, on some errors the whole email body is output to the browser. The whole backtrace with PHP code is visible to the user. Yes, in production. Why might this happen?

psylosss, Mar 28 '16 11:03

If there is a fatal error while sending the email (for example, the sanitize Twig function cannot display a DateTime object properly), the whole stack trace is output to the user. Any ideas how to prevent it?

psylosss, Mar 28 '16 12:03

In Notifier::createMailAndSend() a Twig template is used to generate the email body. But if there is some fatal error in this template...

From the TwigTemplate class:

    public function render(array $context)
    {
        $level = ob_get_level();
        ob_start();
        try {
            $this->display($context);
        } catch (Exception $e) {
            while (ob_get_level() > $level) {
                ob_end_clean();
            }

            throw $e;
        }

        return ob_get_clean();
    }

... a fatal error is not an exception, so ob_get_clean() is not invoked, and when the script dies, we get the whole rendered template in the browser.

psylosss, Mar 28 '16 16:03
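
Added example, not part of the original thread and not code from Twig or ErrorNotifierBundle: one way to keep a half-rendered email body out of the HTTP response, following the buffer analysis in the comment above. It catches `\Throwable` (PHP 7+) and discards leftover buffers in a shutdown function; the class name `BufferedRender` and the function `undefined_helper` are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not code from Twig or ErrorNotifierBundle.
final class BufferedRender
{
    private static $baseLevel = null;   // buffer level before rendering; null when idle
    private static $guarded = false;

    public static function render(callable $display): string
    {
        if (!self::$guarded) {
            // Shutdown functions run before PHP flushes open buffers to the client.
            register_shutdown_function([self::class, 'discard']);
            self::$guarded = true;
        }
        self::$baseLevel = ob_get_level();
        ob_start();
        try {
            $display();
            return (string) ob_get_clean();
        } catch (\Throwable $e) {       // includes PHP 7 \Error, unlike catch (Exception)
            self::discard();
            throw $e;
        } finally {
            self::$baseLevel = null;    // never reached on a fatal error or exit()
        }
    }

    // Drop every buffer opened since render() started; no-op when idle.
    public static function discard(): void
    {
        while (self::$baseLevel !== null && ob_get_level() > self::$baseLevel) {
            if (!ob_end_clean()) {
                break;                  // buffer is not removable; avoid looping forever
            }
        }
    }
}

// Constructed demo: the "template" echoes part of a body, then fails.
try {
    BufferedRender::render(static function (): void {
        echo "request variables, session data, stack trace\n";
        undefined_helper();             // hypothetical name; throws \Error on PHP 7+
    });
} catch (\Throwable $e) {
    error_log('email render failed: ' . $e->getMessage());
}
```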

+1, it happens to me sometimes, quite dangerous in production!

peelandsee, May 31 '16 09:05

Maybe similar to https://github.com/Elao/ErrorNotifierBundle/issues/68. @psylosss does this happen with display_errors set to Off in the php.ini, too?

binarious, Aug 23 '17 09:08

@binarious, yes. I've removed ErrorNotifierBundle from all my projects and replaced it with native monolog - it works fine.

psylosss, Aug 23 '17 09:08

I haven't noticed this behaviour and we're using it in a lot of applications. I don't see how the email contents could get sent to the browser. The fatal exception is caught by the error handler defined in this bundle and it should take care of it. If you have a reproducible test case or a stacktrace then please let me know.

binarious, Aug 24 '17 09:08

@binarious, I don't have a test. Likely, the PHP version matters. When I posted this 1 year ago, I used php5, now php7. There were a lot of exception-related changes in php7. I did not try to reproduce this bug after replacing this bundle with http://symfony.com/doc/current/logging/monolog_email.html (it works fine!).

psylosss, Aug 24 '17 09:08

@psylosss Thanks for your input. Monolog is missing a lot of things here I like about this bundle: e.g. scoped variables, request variables, session, formatted stacktrace and code parts. Could be done with monolog, of course, but that is what this bundle is doing 🙂.

binarious, Aug 24 '17 09:08