Skip to content
This repository has been archived by the owner on Mar 22, 2023. It is now read-only.

Sometimes outputs email body to browser instead of send it #58

Open
psylosss opened this issue Mar 28, 2016 · 8 comments
Open

Sometimes outputs email body to browser instead of send it #58

psylosss opened this issue Mar 28, 2016 · 8 comments

Comments

@psylosss
Copy link

In prod env at some errors all the email body outputs to browser. All backtrace with php-code is visible to user. Yes, in production. Why it may happens?
@psylosss
Copy link
Author

If there were fatal error during sending email (for example, sanitaze twig function cannot display DateTime object properly), all the stacktrace ouputs to user. Any ideas how to prevent it?

@psylosss
Copy link
Author

In Notifier::createMailAndSend() twig template is using to generate email body. But if there were some fatal error in this template...

from TwigTemplate class:

    public function render(array $context)
    {
        $level = ob_get_level();
        ob_start();
        try {
            $this->display($context);
        } catch (Exception $e) {
            while (ob_get_level() > $level) {
                ob_end_clean();
            }

            throw $e;
        }

        return ob_get_clean();
    }

... fatal error is not exception, so ob_get_clean() not invoked and when script dies, we got whole rendered template in browser.

@psylosss psylosss mentioned this issue Mar 29, 2016
Closed
@peelandsee
Copy link
Contributor

+1, it happens to me sometimes, quite dangerous in production!

@binarious
Copy link
Contributor

Maybe similar to #68. @psylosss does this happen with display_errors set to Off in the php.ini, too?

@psylosss
Copy link
Author

@binarious, yes. I'd remove ErrorNotifierBundle from all my projects and replaced with native monolog - it works fine.

@binarious
Copy link
Contributor

I haven't noticed this behaviour and we're using it in a lot of applications. I don't see how the email contents could get send to the browser. The fatal exception is caught by the error handler defined in this bundle and it should take care of it. If you have a reproducible test case or a stacktrace then please let me know.

@psylosss
Copy link
Author

psylosss commented Aug 24, 2017
edited
Loading

@binarious, I don't have test. Likely, PHP version is matters. When I posted this 1 year ago, I used php5, now php7. There were a lot of exception-related changes in php7. I did not try to reproduce this bug after replacing this bundle with http://symfony.com/doc/current/logging/monolog_email.html (it works fine!).

@binarious
Copy link
Contributor

@psylosss Thanks for your input. Monolog is missing a lot of things here I like about this bundle: eg. scoped variables, request variables, session, formatted stacktrace and code parts.
Could be done with monolog, of course, but that is what this bundle is doing 🙂 .

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@psylosss @binarious @peelandsee