Changeset 23389 for main/trunk/greenstone2

Timestamp:

2010-12-06T13:39:26+13:00 (13 years ago)

Author:

mdewsnip

Message:

Commented out the code (3 occurrences) from cgiwrapper that reads and returns the error.txt file content, as I think it's a really bad idea. The error.txt file may be very large, causing out of memory problems and even crashing the machine in extreme cases where multiple processes are causing this type of error (e.g. automated processes that try to "hack" the Greenstone site by supplying values such as site URLs for the CGI arguments -- this actually happens). Also, the error.txt may contain information that shouldn't be exposed (such as usage or query information). Maybe this should be configurable through a main.cfg configuration setting, but I don't think it's worth it -- the only people who should need the contents of this file should have access to it through the file system. I think you can also view the contents of this file through the statusaction if you have a suitable login.

File:

• main/trunk/greenstone2/runtime-src/src/recpt/cgiwrapper.cpp (modified) (3 diffs)

main/trunk/greenstone2/runtime-src/src/recpt/cgiwrapper.cpp

@@ -233 +233 @@
 
   text_t error_file = filename_cat (gsdlhome, "etc", "error.txt");
-  char *efile = error_file.getcstr();
-  ifstream errin (efile);
-  delete []efile;
-  if (errin) {
-    errortext += "The error log, " + error_file + ", contains the\n";
-    errortext += "following information:\n\n";
-    if (!debug) errortext += "<pre>\n";
-
-    char c;
-    errin.get(c);
-    while (!errin.eof ()) {
-      errortext.push_back(c);
-      errin.get(c);
-    }
+  // This is all commented out because I think it's a really bad idea
+  // The error.txt file may be very large, causing out of memory problems and even crashing the machine in extreme
+  //   cases where multiple processes are causing this type of error (e.g. automated processes that try to "hack"
+  //   the Greenstone site by supplying values such as site URLs for the CGI arguments -- this has happened)
+  // Also, the error.txt may contain information that shouldn't be exposed (such as usage or query information)
+  // Maybe this should be configurable through a main.cfg configuration setting, but I don't think it's worth it
+  // The only people who should need the contents of this file should have access to it through the file system
+  // I think you can also view the contents of this file through the statusaction if you have a suitable login
+//   char *efile = error_file.getcstr();
+//   ifstream errin (efile);
+//   delete []efile;
+//   if (errin) {
+//     errortext += "The error log, " + error_file + ", contains the\n";
+//     errortext += "following information:\n\n";
+//     if (!debug) errortext += "<pre>\n";
+
+//     char c;
+//     errin.get(c);
+//     while (!errin.eof ()) {
+//       errortext.push_back(c);
+//       errin.get(c);
+//     }
     
-    if (!debug) errortext += "</pre>\n";
-
-    errin.close();
-
-  } else {
+//     if (!debug) errortext += "</pre>\n";
+
+//     errin.close();
+
+//   } else {
     errortext += "Please consult " + error_file + " for more information.\n";
-  }
+//   }
 
   format_error_string (errorpage, errortext, debug);
@@ -264 +272 @@
 
   text_t error_file = filename_cat (gsdlhome, "etc", "error.txt");
-  char *efile = error_file.getcstr();
-  ifstream errin (efile);
-  delete []efile;
-  if (errin) {
-    errortext += "The error log, " + error_file + ", contains the\n";
-    errortext += "following information:\n\n";
-    if (!debug) errortext += "<pre>\n";
-
-    char c;
-    errin.get(c);
-    while (!errin.eof ()) {
-      errortext.push_back(c);
-      errin.get(c);
-    }
-    if (!debug) errortext += "</pre>\n";
-    errin.close();
-
-  } else {
+  // This is all commented out because I think it's a really bad idea
+  // The error.txt file may be very large, causing out of memory problems and even crashing the machine in extreme
+  //   cases where multiple processes are causing this type of error (e.g. automated processes that try to "hack"
+  //   the Greenstone site by supplying values such as site URLs for the CGI arguments -- this has happened)
+  // Also, the error.txt may contain information that shouldn't be exposed (such as usage or query information)
+  // Maybe this should be configurable through a main.cfg configuration setting, but I don't think it's worth it
+  // The only people who should need the contents of this file should have access to it through the file system
+  // I think you can also view the contents of this file through the statusaction if you have a suitable login
+//   char *efile = error_file.getcstr();
+//   ifstream errin (efile);
+//   delete []efile;
+//   if (errin) {
+//     errortext += "The error log, " + error_file + ", contains the\n";
+//     errortext += "following information:\n\n";
+//     if (!debug) errortext += "<pre>\n";
+
+//     char c;
+//     errin.get(c);
+//     while (!errin.eof ()) {
+//       errortext.push_back(c);
+//       errin.get(c);
+//     }
+//     if (!debug) errortext += "</pre>\n";
+//     errin.close();
+
+//   } else {
     errortext += "Please consult " + error_file + " for more information.\n";
-  }
+//   }
 
   format_error_string (errorpage, errortext, debug);
@@ -293 +309 @@
 
   text_t error_file = filename_cat (gsdlhome, "etc", "error.txt");
-  char *efile = error_file.getcstr();
-  ifstream errin (efile);
-  delete []efile;
-  if (errin) {
-    errortext += "The error log, " + error_file + ", contains the\n";
-    errortext += "following information:\n\n";
-    if (!debug) errortext += "<pre>\n";
-
-    char c;
-    errin.get(c);
-    while (!errin.eof ()) {
-      errortext.push_back(c);
-      errin.get(c);
-    }
-    if (!debug) errortext += "</pre>\n";
-    errin.close();
-
-  } else {
+  // This is all commented out because I think it's a really bad idea
+  // The error.txt file may be very large, causing out of memory problems and even crashing the machine in extreme
+  //   cases where multiple processes are causing this type of error (e.g. automated processes that try to "hack"
+  //   the Greenstone site by supplying values such as site URLs for the CGI arguments -- this has happened)
+  // Also, the error.txt may contain information that shouldn't be exposed (such as usage or query information)
+  // Maybe this should be configurable through a main.cfg configuration setting, but I don't think it's worth it
+  // The only people who should need the contents of this file should have access to it through the file system
+  // I think you can also view the contents of this file through the statusaction if you have a suitable login
+//   char *efile = error_file.getcstr();
+//   ifstream errin (efile);
+//   delete []efile;
+//   if (errin) {
+//     errortext += "The error log, " + error_file + ", contains the\n";
+//     errortext += "following information:\n\n";
+//     if (!debug) errortext += "<pre>\n";
+
+//     char c;
+//     errin.get(c);
+//     while (!errin.eof ()) {
+//       errortext.push_back(c);
+//       errin.get(c);
+//     }
+//     if (!debug) errortext += "</pre>\n";
+//     errin.close();
+
+//   } else {
     errortext += "Please consult " + error_file + " for more information.\n";
-  }
+//   }
 
   format_error_string (errorpage, errortext, debug);