Improve Permission denied handling in WordPress

civicrm · Feb 20, 2022 · 5b99ebf · 5b99ebf
1 parent 5a02d44
commit 5b99ebf
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 4 deletions.
diff --git a/CRM/Core/Error.php b/CRM/Core/Error.php
@@ -204,9 +204,11 @@ public static function handle($pearError) {
     CRM_Core_Error::debug_var('Fatal Error Details', $error, TRUE, TRUE, '', PEAR_LOG_ERR);
     CRM_Core_Error::backtrace('backTrace', TRUE);
 
+    $exit = TRUE;
     if ($config->initialized) {
       $content = $template->fetch('CRM/common/fatal.tpl');
       echo CRM_Utils_System::theme($content);
+      $exit = CRM_Utils_System::exitAfterFatal();
     }
     else {
       echo "Sorry. A non-recoverable error has occurred. The error trace below might help to resolve the issue<p>";
@@ -217,7 +219,7 @@ public static function handle($pearError) {
       exit;
     }
     $runOnce = TRUE;
-    self::abend(CRM_Core_Error::FATAL_ERROR);
+    self::abend(CRM_Core_Error::FATAL_ERROR, $exit);
   }
 
   /**
@@ -442,9 +444,10 @@ function_exists($config->fatalErrorHandler)
     }
 
     echo CRM_Utils_System::theme($content);
+    $exit = CRM_Utils_System::exitAfterFatal();
 
     // fin
-    self::abend(CRM_Core_Error::FATAL_ERROR);
+    self::abend(CRM_Core_Error::FATAL_ERROR, $exit);
   }
 
   /**
@@ -1000,11 +1003,13 @@ public static function movedSiteError($file) {
    *
    * @param string $code
    */
-  protected static function abend($code) {
+  protected static function abend($code, $exit = TRUE) {
     // do a hard rollback of any pending transactions
     // if we've come here, its because of some unexpected PEAR errors
     CRM_Core_Transaction::forceRollbackIfEnabled();
-    CRM_Utils_System::civiExit($code);
+    if ($exit) {
+      CRM_Utils_System::civiExit($code);
+    }
   }
 
   /**

diff --git a/CRM/Utils/System.php b/CRM/Utils/System.php
@@ -38,6 +38,7 @@
  * @method static array synchronizeUsers() Create CRM contacts for all existing CMS users.
  * @method static void appendCoreResources(\Civi\Core\Event\GenericHookEvent $e) Callback for hook_civicrm_coreResourceList.
  * @method static void alterAssetUrl(\Civi\Core\Event\GenericHookEvent $e) Callback for hook_civicrm_getAssetUrl.
+ * @method static exitAfterFatal() Should the current execution exit after a fatal error?
  */
 class CRM_Utils_System {
 

diff --git a/CRM/Utils/System/Base.php b/CRM/Utils/System/Base.php
@@ -1099,4 +1099,12 @@ public function getUfGroupTypes() {
     return [];
   }
 
+  /**
+   * Should the current execution exit after a fatal error?
+   * This is the appropriate functionality in most cases.
+   * @return bool
+   */
+  public function exitAfterFatal() {
+    return TRUE;
+  }
 }
diff --git a/CRM/Utils/System/WordPress.php b/CRM/Utils/System/WordPress.php
@@ -602,6 +602,8 @@ public function loadUser($user) {
    */
   public function permissionDenied() {
     status_header(403);
+    global $civicrm_wp_title;
+    $civicrm_wp_title = ts('You do not have permission to access this page.');
     throw new CRM_Core_Exception(ts('You do not have permission to access this page.'));
   }
 
@@ -1473,4 +1475,20 @@ public function showPasswordFieldWhenAdminCreatesUser() {
     return !$this->isUserRegistrationPermitted();
   }
 
+  /**
+   * Should the current execution exit after a fatal error?
+   *
+   * In WordPress, it is not usually possible to trigger theming outside of the WordPress theme process,
+   * meaning that in order to render an error inside the theme we cannot exit on error.
+   *
+   * @return bool
+   */
+  public function exitAfterFatal() {
+    $ret = TRUE;
+    if (!is_admin() && !wp_doing_ajax()) {
+      $ret = FALSE;
+    }
+
+    return apply_filters('civicrm_exit_after_fatal', $ret);
+  }
 }