#3765 closed Defect (fixed)
forward() should throw Exception if headers were sent
| Reported by: | mrclay | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | Elgg 1.8.1b |
| Component: | Core | Version: | Github Master |
| Severity: | minor | Keywords: | security, forward, exception |
| Cc: | brett@… | Difficulty: | |
Description
It's good that a couple gatekeepers throw exceptions if forward() returns false, but IMO the throw should occur in forward itself whenever headers were already sent.
I count 50+ usages of forward(), and in very few instances does the code check the return value. Even action_gatekeeper() doesn't. Authors expect--for better or for worse--that calling functions named "forward" or "redirect" will always halt program flow, and very small errors (outputting a newline in a PHP file) could break this contract.
Change History (5)
comment:1 Changed 21 months ago by cash
- Milestone changed from Needs Review to Elgg 1.8.1
comment:2 Changed 20 months ago by mrclay
comment:3 Changed 20 months ago by Cash Costello
- Resolution set to fixed
- Status changed from new to closed
Merge pull request #69 from mrclay/issue3765
Fixes #3765 forward throws Exception if headers sent.
Changeset: 26b56fb5d6d71bb56f03d0d4e999e09a1fc81476
comment:4 Changed 20 months ago by brettp
- Milestone changed from Elgg 1.8.1 to Elgg 1.8.1b
comment:5 Changed 19 months ago by Cash Costello
Merge pull request #69 from mrclay/issue3765
Fixes #3765 forward throws Exception if headers sent.
Changeset: 26b56fb5d6d71bb56f03d0d4e999e09a1fc81476

Pull request: https://github.com/Elgg/Elgg/pull/69
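
The failure mode raised in the description, as an added PHP sketch that is not part of the ticket and not Elgg's code: `forward_unchecked()`, `forward_strict()` and `gatekeeper()` are hypothetical names, and the stray newline is constructed. It assumes the PHP CLI, where output is unbuffered, so `headers_sent()` becomes true after the first `echo`.

```php
<?php
// Added illustration. All function names here are hypothetical, not Elgg's.

// Behaviour the ticket objects to: when headers are already sent the
// function returns false, and it is up to every caller to notice.
function forward_unchecked(string $location): bool {
    if (headers_sent()) {
        return false;
    }
    header("Location: $location");
    exit;
}

// Behaviour the ticket asks for: fail closed by throwing, so callers that
// ignore the return value still cannot continue past the redirect.
function forward_strict(string $location): void {
    if (headers_sent($file, $line)) {
        throw new RuntimeException(
            "Cannot redirect to $location: output started at $file:$line"
        );
    }
    header("Location: $location");
    exit;
}

// Hypothetical gatekeeper written the way the ticket says most callers are:
// it assumes the forward call never returns.
function gatekeeper(callable $forward, bool $authorized): void {
    if (!$authorized) {
        $forward('/login');
    }
}

// Constructed fault: stray output, such as a newline emitted by an included
// PHP file, sent before any redirect is attempted.
echo "\n";

// With the unchecked variant the gatekeeper returns normally and the code
// it was supposed to protect still runs.
gatekeeper('forward_unchecked', false);
echo "unchecked: protected code reached\n";

// With the strict variant the same mistake stops execution at the redirect.
try {
    gatekeeper('forward_strict', false);
    echo "strict: protected code reached\n";
} catch (RuntimeException $e) {
    echo "strict: halted: ", $e->getMessage(), "\n";
}
```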