public function write($sessionId, $serializedData) { try { // For performance reasons, do not update the sessions table, unless // $_SESSION has changed or more than 180 has passed since the last update. if ($this->sessionDataHasChanged($sessionId, $serializedData)) { // Either ssid or sid or both will be added from $key below. $fields = array('uid' => $this->uid, 'cache' => 0, 'hostname' => ip_address(), 'session' => $serializedData, 'timestamp' => REQUEST_TIME); $key = array('sid' => $sessionId, 'ssid' => ''); db_merge('sessions')->key($key)->fields($fields)->execute(); } return TRUE; } catch (Exception $exception) { // FIXME: This should never be here, a global try/catch should definitely // be done upper in the code. require_once DRUPAL_ROOT . '/includes/errors.inc'; // If we are displaying errors, then do so with no possibility of a further // uncaught exception being thrown. if (error_displayable()) { print '<h1>Uncaught exception thrown in session handler.</h1>'; print '<p>' . _drupal_render_exception_safe($exception) . '</p><hr />'; } return FALSE; } }
public function write($sessionId, $serializedData) { global $user; try { // For performance reasons, do not update the sessions table, unless // $_SESSION has changed or more than 180 has passed since the last update. if ($this->sessionDataHasChanged($sessionId, $serializedData)) { $cid = $this->getCid($sessionId); // Either ssid or sid or both will be added from $key below. $data = new stdClass(); $data->uid = $this->uid; $data->session = $serializedData; $this->cacheBackend->set($cid, $data); } return TRUE; } catch (Exception $exception) { // FIXME: This should never be here, a global try/catch should definitely // be done upper in the code. require_once DRUPAL_ROOT . '/includes/errors.inc'; // If we are displaying errors, then do so with no possibility of a further // uncaught exception being thrown. if (error_displayable()) { print '<h1>Uncaught exception thrown in session handler.</h1>'; print '<p>' . _drupal_render_exception_safe($exception) . '</p><hr />'; } return FALSE; } }
/** * {@inheritdoc} */ public function write($sid, $value) { // The exception handler is not active at this point, so we need to do it // manually. try { $request = $this->requestStack->getCurrentRequest(); $fields = array('uid' => $request->getSession()->get('uid', 0), 'hostname' => $request->getClientIP(), 'session' => $value, 'timestamp' => REQUEST_TIME); $this->connection->merge('sessions')->keys(array('sid' => Crypt::hashBase64($sid)))->fields($fields)->execute(); return TRUE; } catch (\Exception $exception) { require_once DRUPAL_ROOT . '/core/includes/errors.inc'; // If we are displaying errors, then do so with no possibility of a // further uncaught exception being thrown. if (error_displayable()) { print '<h1>Uncaught exception thrown in session handler.</h1>'; print '<p>' . Error::renderExceptionSafe($exception) . '</p><hr />'; } return FALSE; } }
/** * Handles any exception as a generic error page for JSON. * * @todo This should probably check the error reporting level. * * @param \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event * The event to process. */ protected function onJson(GetResponseForExceptionEvent $event) { $exception = $event->getException(); $error = Error::decodeException($exception); // Display the message if the current error reporting level allows this type // of message to be displayed, $data = NULL; if (error_displayable($error) && ($message = $exception->getMessage())) { $data = ['message' => sprintf('A fatal error occurred: %s', $message)]; } $response = new JsonResponse($data, Response::HTTP_INTERNAL_SERVER_ERROR); if ($exception instanceof HttpExceptionInterface) { $response->setStatusCode($exception->getStatusCode()); $response->headers->add($exception->getHeaders()); } $event->setResponse($response); }
/** * Processes a generic exception into an HTTP 500 response. * * @param \Symfony\Component\Debug\Exception\FlattenException $exception * Metadata about the exception that was thrown. * @param \Symfony\Component\HttpFoundation\Request $request * The request object that triggered this exception. * * @return \Symfony\Component\HttpFoundation\Response * A response object. */ public function on500Html(FlattenException $exception, Request $request) { $error = $this->decodeException($exception); // Because the kernel doesn't run until full bootstrap, we know that // most subsystems are already initialized. $headers = array(); // When running inside the testing framework, we relay the errors // to the tested site by the way of HTTP headers. if (DRUPAL_TEST_IN_CHILD_SITE && !headers_sent() && (!defined('SIMPLETEST_COLLECT_ERRORS') || SIMPLETEST_COLLECT_ERRORS)) { // $number does not use drupal_static as it should not be reset // as it uniquely identifies each PHP error. static $number = 0; $assertion = array($error['!message'], $error['%type'], array('function' => $error['%function'], 'file' => $error['%file'], 'line' => $error['%line'])); $headers['X-Drupal-Assertion-' . $number] = rawurlencode(serialize($assertion)); $number++; } watchdog('php', '%type: !message in %function (line %line of %file).', $error, $error['severity_level']); // Display the message if the current error reporting level allows this type // of message to be displayed, and unconditionnaly in update.php. if (error_displayable($error)) { $class = 'error'; // If error type is 'User notice' then treat it as debug information // instead of an error message. // @see debug() if ($error['%type'] == 'User notice') { $error['%type'] = 'Debug'; $class = 'status'; } // Attempt to reduce verbosity by removing DRUPAL_ROOT from the file path // in the message. This does not happen for (false) security. $root_length = strlen(DRUPAL_ROOT); if (substr($error['%file'], 0, $root_length) == DRUPAL_ROOT) { $error['%file'] = substr($error['%file'], $root_length + 1); } // Should not translate the string to avoid errors producing more errors. $message = String::format('%type: !message in %function (line %line of %file).', $error); // Check if verbose error reporting is on. $error_level = $this->container->get('config.factory')->get('system.logging')->get('error_level'); if ($error_level == ERROR_REPORTING_DISPLAY_VERBOSE) { $backtrace_exception = $exception; while ($backtrace_exception->getPrevious()) { $backtrace_exception = $backtrace_exception->getPrevious(); } $backtrace = $backtrace_exception->getTrace(); // First trace is the error itself, already contained in the message. // While the second trace is the error source and also contained in the // message, the message doesn't contain argument values, so we output it // once more in the backtrace. array_shift($backtrace); // Generate a backtrace containing only scalar argument values. $message .= '<pre class="backtrace">' . Error::formatFlattenedBacktrace($backtrace) . '</pre>'; } drupal_set_message(SafeMarkup::set($message), $class, TRUE); } $content = $this->t('The website has encountered an error. Please try again later.'); $output = DefaultHtmlPageRenderer::renderPage($content, $this->t('Error')); $response = new Response($output); $response->setStatusCode(500, '500 Service unavailable (with message)'); return $response; }
/** * {@inheritdoc} */ public function write($sid, $value) { global $user; // The exception handler is not active at this point, so we need to do it // manually. try { if (!$this->sessionManager->isEnabled()) { // We don't have anything to do if we are not allowed to save the // session. return TRUE; } // Either ssid or sid or both will be added from $key below. $fields = array('uid' => $user->id(), 'hostname' => $this->requestStack->getCurrentRequest()->getClientIP(), 'session' => $value, 'timestamp' => REQUEST_TIME); // Use the session ID as 'sid' and an empty string as 'ssid' by default. // read() does not allow empty strings so that's a safe default. $key = array('sid' => Crypt::hashBase64($sid), 'ssid' => ''); // On HTTPS connections, use the session ID as both 'sid' and 'ssid'. if ($this->requestStack->getCurrentRequest()->isSecure()) { $key['ssid'] = $key['sid']; // The "secure pages" setting allows a site to simultaneously use both // secure and insecure session cookies. If enabled and both cookies // are presented then use both keys. The session ID from the cookie is // hashed before being stored in the database as a security measure. if ($this->sessionManager->isMixedMode()) { $insecure_session_name = $this->sessionManager->getInsecureName(); $cookies = $this->requestStack->getCurrentRequest()->cookies; if ($cookies->has($insecure_session_name)) { $key['sid'] = Crypt::hashBase64($cookies->get($insecure_session_name)); } } } elseif ($this->sessionManager->isMixedMode()) { unset($key['ssid']); } $this->connection->merge('sessions')->keys($key)->fields($fields)->execute(); // Remove obsolete sessions. $this->cleanupObsoleteSessions(); // Likewise, do not update access time more than once per 180 seconds. if ($user->isAuthenticated() && REQUEST_TIME - $user->getLastAccessedTime() > Settings::get('session_write_interval', 180)) { /** @var \Drupal\user\UserStorageInterface $storage */ $storage = \Drupal::entityManager()->getStorage('user'); $storage->updateLastAccessTimestamp($user, REQUEST_TIME); } return TRUE; } catch (\Exception $exception) { require_once DRUPAL_ROOT . '/core/includes/errors.inc'; // If we are displaying errors, then do so with no possibility of a // further uncaught exception being thrown. if (error_displayable()) { print '<h1>Uncaught exception thrown in session handler.</h1>'; print '<p>' . Error::renderExceptionSafe($exception) . '</p><hr />'; } return FALSE; } }
/** * {@inheritdoc} */ public function execute(ViewExecutable $view) { if ($this->shouldAbort()) { if (error_displayable()) { foreach ($this->errors as $msg) { drupal_set_message(Html::escape($msg), 'error'); } } $view->result = array(); $view->total_rows = 0; $view->execute_time = 0; return; } // Calculate the "skip result count" option, if it wasn't already set to // FALSE. $skip_result_count = $this->query->getOption('skip result count', TRUE); if ($skip_result_count) { $skip_result_count = !$view->pager->useCountQuery() && empty($view->get_total_rows); $this->query->setOption('skip result count', $skip_result_count); } try { // Trigger pager preExecute(). $view->pager->preExecute($this->query); // Views passes sometimes NULL and sometimes the integer 0 for "All" in a // pager. If set to 0 items, a string "0" is passed. Therefore, we unset // the limit if an empty value OTHER than a string "0" was passed. if (!$this->limit && $this->limit !== '0') { $this->limit = NULL; } // Set the range. (We always set this, as there might even be an offset if // all items are shown.) $this->query->range($this->offset, $this->limit); $start = microtime(TRUE); // Execute the search. $results = $this->query->execute(); $this->searchApiResults = $results; // Store the results. if (!$skip_result_count) { $view->pager->total_items = $view->total_rows = $results->getResultCount(); if (!empty($view->pager->options['offset'])) { $view->pager->total_items -= $view->pager->options['offset']; } $view->pager->updatePageInfo(); } $view->result = array(); if ($results->getResultItems()) { $this->addResults($results->getResultItems(), $view); } $view->execute_time = microtime(TRUE) - $start; // Trigger pager postExecute(). $view->pager->postExecute($view->result); } catch (\Exception $e) { $this->abort($e->getMessage()); // Recursion to get the same error behaviour as above. $this->execute($view); } }
/** * {@inheritdoc} */ public function write($sid, $value) { $user = \Drupal::currentUser(); // The exception handler is not active at this point, so we need to do it // manually. try { $fields = array('uid' => $user->id(), 'hostname' => $this->requestStack->getCurrentRequest()->getClientIP(), 'session' => $value, 'timestamp' => REQUEST_TIME); $this->connection->merge('sessions')->keys(array('sid' => Crypt::hashBase64($sid)))->fields($fields)->execute(); // Likewise, do not update access time more than once per 180 seconds. if ($user->isAuthenticated() && REQUEST_TIME - $user->getLastAccessedTime() > Settings::get('session_write_interval', 180)) { /** @var \Drupal\user\UserStorageInterface $storage */ $storage = \Drupal::entityManager()->getStorage('user'); $storage->updateLastAccessTimestamp($user, REQUEST_TIME); } return TRUE; } catch (\Exception $exception) { require_once DRUPAL_ROOT . '/core/includes/errors.inc'; // If we are displaying errors, then do so with no possibility of a // further uncaught exception being thrown. if (error_displayable()) { print '<h1>Uncaught exception thrown in session handler.</h1>'; print '<p>' . Error::renderExceptionSafe($exception) . '</p><hr />'; } return FALSE; } }
/** * Writes an entire session to the database (internal use only). * * This function is registered with session_set_save_handler() to support * database-backed sessions. * * This function is an internal function and must not be called directly. * Doing so may result in corrupted session data or other unexpected behavior. * Session data must always be accessed via the $_SESSION superglobal. * * @param string $sid * The session ID of the session to write to. * @param string $value * Session data to write as a serialized string. * * @return bool Always returns TRUE. */ public function write($sid, $value) { global $user; // The exception handler is not active at this point, so we need to do it // manually. try { if (!drupal_save_session()) { // We don't have anything to do if we are not allowed to save the session. return; } // Either ssid or sid or both will be added from $key below. $fields = array('uid' => $user->uid, 'cache' => isset($user->cache) ? $user->cache : 0, 'hostname' => ip_address(), 'session' => $value, 'timestamp' => REQUEST_TIME); // Use the session ID as 'sid' and an empty string as 'ssid' by default. // _drupal_session_read() does not allow empty strings so that's a safe // default. $key = array('sid' => $sid, 'ssid' => ''); // On HTTPS connections, use the session ID as both 'sid' and 'ssid'. unset($key['ssid']); db_merge('sessions')->key($key)->fields($fields)->execute(); // Likewise, do not update access time more than once per 180 seconds. if ($user->uid) { db_update('users')->fields(array('access' => REQUEST_TIME))->condition('uid', $user->uid)->execute(); } return TRUE; } catch (\Exception $exception) { require_once DRUPAL_ROOT . '/includes/errors.inc'; // If we are displaying errors, then do so with no possibility of a further // uncaught exception being thrown. if (error_displayable()) { print '<h1>Uncaught exception thrown in session handler.</h1>'; print '<p>' . _drupal_render_exception_safe($exception) . '</p><hr />'; } return FALSE; } }