
Commit 319763e

kamil-tekielaMauricioFauth
authored andcommitted
Don't use exceptions for flow control
Signed-off-by: Kamil Tekiela <tekiela246@gmail.com>
1 parent 747ac5f commit 319763e

1 file changed

Lines changed: 14 additions & 14 deletions


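--- a/src/Http/Middleware/RequestProblemChecking.php
+++ b/src/Http/Middleware/RequestProblemChecking.php
@@ -11,7 +11,6 @@
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\MiddlewareInterface;
 use Psr\Http\Server\RequestHandlerInterface;
-use RuntimeException;
 
 use function __;
 use function count;
@@ -27,23 +26,24 @@ public function __construct(private readonly Template $template, private readonl
 
 public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
 {
-try {
-if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
-throw new RuntimeException(__('GLOBALS overwrite attempt'));
-}
-
-/**
-* protect against possible exploits - there is no need to have so many variables
-*/
-if (count($_REQUEST) >= 1000) {
-throw new RuntimeException(__('possible exploit'));
-}
-} catch (RuntimeException $exception) {
+if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
 $response = $this->responseFactory->createResponse(StatusCodeInterface::STATUS_INTERNAL_SERVER_ERROR);
 
 return $response->write($this->template->render('error/generic', [
 'lang' => $GLOBALS['lang'] ?? 'en',
-'error_message' => $exception->getMessage(),
+'error_message' => __('GLOBALS overwrite attempt'),
+]));
+}
+
+/**
+* protect against possible exploits - there is no need to have so many variables
+*/
+if (count($_REQUEST) >= 1000) {
+$response = $this->responseFactory->createResponse(StatusCodeInterface::STATUS_INTERNAL_SERVER_ERROR);
+
+return $response->write($this->template->render('error/generic', [
+'lang' => $GLOBALS['lang'] ?? 'en',
+'error_message' => __('possible exploit'),
 ]));
 }
 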
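Review bot: The two rejection branches in `process()` (new lines 29–36 and 41–48) build the same error response twice and differ only in the message, so the two request guards can drift apart the next time one of them is touched. Moving the response construction into one private helper keeps the status code, the template and any later logging of rejected requests identical for both checks. Both branches also answer with `STATUS_INTERNAL_SERVER_ERROR` although the cause is the client's request; if that is not deliberate, `StatusCodeInterface::STATUS_BAD_REQUEST` would keep these rejections out of server-fault monitoring. `process()` continues past the end of the hunk, so the sketch below shows only the rewritten lines; the helper name is a suggestion.

```php
if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
    return $this->rejectRequest(__('GLOBALS overwrite attempt'));
}

// … unchanged: docblock above the variable-count check …
if (count($_REQUEST) >= 1000) {
    return $this->rejectRequest(__('possible exploit'));
}

// … unchanged: rest of process() …

/** Renders the generic error page for a request refused by one of the guards above. */
private function rejectRequest(string $message): ResponseInterface
{
    $response = $this->responseFactory->createResponse(StatusCodeInterface::STATUS_INTERNAL_SERVER_ERROR);

    return $response->write($this->template->render('error/generic', [
        'lang' => $GLOBALS['lang'] ?? 'en',
        'error_message' => $message,
    ]));
}
```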
