Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ElementalContentControllerExtension should 404 instead of 500 error when elements are not found #927

Open
kinglozzer opened this issue Aug 17, 2021 · 0 comments
Open

ElementalContentControllerExtension should 404 instead of 500 error when elements are not found #927

kinglozzer opened this issue Aug 17, 2021 · 0 comments
Labels
complexity/low impact/low type/enhancement

Comments

@kinglozzer
Copy link
Member

ElementalContentControllerExtension::handleElement() has a bunch of places which call user_error(), resulting in a 500 internal server error when users visit a URL for an element which doesn’t exist (or previously existed, but has been removed). This can be caused by bots scanning sites, or legitimate users visiting URLs that have since been removed.

silverstripe-elemental/src/Extensions/ElementalContentControllerExtension.php

Lines 18 to 49 in f626840

public function handleElement()
{
$id = $this->owner->getRequest()->param('ID');
if (!$id) {
user_error('No element ID supplied', E_USER_ERROR);
return false;
}
/** @var SiteTree $elementOwner */
$elementOwner = $this->owner->data();
$elementalAreaRelations = $this->owner->getElementalRelations();
if (!$elementalAreaRelations) {
user_error(get_class($this->owner) . ' has no ElementalArea relationships', E_USER_ERROR);
return false;
}
foreach ($elementalAreaRelations as $elementalAreaRelation) {
$element = $elementOwner->$elementalAreaRelation()->Elements()
->filter('ID', $id)
->First();
if ($element) {
return $element->getController();
}
}
user_error('Element $id not found for this page', E_USER_ERROR);
return false;
}

For example, if you visit a URL like http://mysite.test/home/element/12345/action you’ll get a server error when that may simply be a URL that no longer exists.

These should be replaced with 404 responses, though we could keep the more descriptive error messages for dev mode.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
complexity/low impact/low type/enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kinglozzer @emteknetnz