From 3680eebedebf0fc42386f14d1acd894a835166e7 Mon Sep 17 00:00:00 2001
From: jynbil1
Date: Sun, 17 May 2026 13:02:46 +0900
Subject: [PATCH] Harden backend blog error flashes
---
 backend/controllers/BlogController.php | 27 ++++++++++++++++++-----
 tests/check-backend-blog-error-flashes.sh | 18 +++++++++++++++
 2 files changed, 39 insertions(+), 6 deletions(-)
 create mode 100644 tests/check-backend-blog-error-flashes.sh
diff --git a/backend/controllers/BlogController.php b/backend/controllers/BlogController.php
index 8da4ce2f5..64df5f35c 100644
--- a/backend/controllers/BlogController.php
+++ b/backend/controllers/BlogController.php
@@ -95,7 +95,12 @@ public function actionCreate()
 if($response->getStatusCode() != 200) {
- Yii::$app->session->addFlash("error", json_encode($response->data['message']));
+ Yii::warning([
+ 'message' => 'Blog post create failed',
+ 'status' => $response->getStatusCode(),
+ 'provider_message' => isset($response->data['message']) ? $response->data['message'] : null,
+ ], __METHOD__);
+ Yii::$app->session->addFlash("error", Yii::t('app', 'Unable to save blog post. Please try again.'));
 return $this->render('create', [
 "post" => $params
@@ -137,7 +142,13 @@ public function actionUpdate($id)
 $response = Yii::$app->blogManager->updatePost($id, $params);
 if($response->getStatusCode() != 200) {
- Yii::$app->session->addFlash("error", json_encode($response->data['message']));
+ Yii::warning([
+ 'message' => 'Blog post update failed',
+ 'status' => $response->getStatusCode(),
+ 'post_id' => $id,
+ 'provider_message' => isset($response->data['message']) ? $response->data['message'] : null,
+ ], __METHOD__);
+ Yii::$app->session->addFlash("error", Yii::t('app', 'Unable to save blog post. Please try again.'));
 } else {
 return $this->redirect(['view', 'id' => $id]);
 }
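Review bot: The `provider_message` entry in the new Yii::warning() array forwards the upstream service's reply into the log unbounded, and that value is whatever the provider chose to send — an oversized or multi-line body can flood the target or forge extra log records in plain-text targets. Cap and flatten it before logging, e.g. `'provider_message' => mb_substr((string) json_encode($response->data['message'] ?? null), 0, 512),`, which also copes with the provider returning an array instead of a string. The `isset(...) ? ... : null` on that line is the `??` operator spelled out, if the project targets PHP 7 or later. actionCreate's body continues outside the hunk on both sides.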
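Review bot: The six-line Yii::warning() block added here is the same block as in actionCreate with only the label and `post_id` varying, and it is repeated again in actionDelete further down, so any later tightening of how `provider_message` is recorded has to be made three times. A private helper taking the label, the response, the caller's `__METHOD__` and an optional post id keeps the logging policy in one place; the call site becomes `$this->logProviderFailure('Blog post update failed', $response, __METHOD__, $id);`. actionUpdate's body starts and ends outside the hunk.
```php
// … unchanged: actionUpdate up to the status check …
            $this->logProviderFailure('Blog post update failed', $response, __METHOD__, $id);
            Yii::$app->session->addFlash("error", Yii::t('app', 'Unable to save blog post. Please try again.'));
// … unchanged: rest of the controller …

    /**
     * Records a non-200 reply from blogManager at warning level.
     * $category is the calling action's __METHOD__; $postId is null for create;
     * the provider message may be absent or non-string, so it is logged as-is.
     */
    private function logProviderFailure($what, $response, $category, $postId = null)
    {
        Yii::warning([
            'message' => $what,
            'status' => $response->getStatusCode(),
            'post_id' => $postId,
            'provider_message' => $response->data['message'] ?? null,
        ], $category);
    }
```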
@@ -160,7 +171,13 @@ public function actionDelete($id)
 $response = Yii::$app->blogManager->deletePost($id);
 if($response->getStatusCode() != 200) {
- Yii::$app->session->addFlash("error", json_encode($response->data['message']));
+ Yii::warning([
+ 'message' => 'Blog post delete failed',
+ 'status' => $response->getStatusCode(),
+ 'post_id' => $id,
+ 'provider_message' => isset($response->data['message']) ? $response->data['message'] : null,
+ ], __METHOD__);
+ Yii::$app->session->addFlash("error", Yii::t('app', 'Unable to delete blog post. Please try again.'));
 return $this->redirect(['view', 'id' => $id]);
 }
@@ -180,11 +197,9 @@ protected function findModel($id)
 $response = Yii::$app->blogManager->viewPost($id);
 if($response->getStatusCode() != 200 || empty($response->data['ID'])) {
- // Yii::$app->session->addFlash("error", json_encode($response->data['message']));
-
 throw new NotFoundHttpException(Yii::t('app', 'The requested page does not exist.'));
 }
 return $response->data;
 }
-}
\ No newline at end of file
+}
diff --git a/tests/check-backend-blog-error-flashes.sh b/tests/check-backend-blog-error-flashes.sh
new file mode 100644
index 000000000..cc4649b8d
--- /dev/null
+++ b/tests/check-backend-blog-error-flashes.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+target="backend/controllers/BlogController.php"
+
+grep -q "Blog post create failed" "$target"
+grep -q "Blog post update failed" "$target"
+grep -q "Blog post delete failed" "$target"
+grep -q "Unable to save blog post. Please try again." "$target"
+grep -q "Unable to delete blog post. Please try again." "$target"
+grep -q "provider_message" "$target"
+
+if grep -Fq "addFlash(\"error\", json_encode(\$response->data['message']))" "$target"; then
+ echo "backend blog controller still flashes raw provider messages" >&2
+ exit 1
+fi
+
+echo "Backend blog error flash guard passed."
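Review bot: The failure branch still redirects to `['view', 'id' => $id]` after the new flash is set, and findModel() in the next hunk throws NotFoundHttpException whenever viewPost() returns non-200 or no `ID`; so if the delete failed because the post no longer exists upstream, the view action (presumably built on findModel) turns into a 404 and the "Unable to delete" flash is never shown. Branch on the status before redirecting, e.g. `return $this->redirect($response->getStatusCode() == 404 ? ['index'] : ['view', 'id' => $id]);` if an index action exists, or render an error page directly. actionDelete's body starts and ends outside the hunk.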
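Review bot: The negative check `grep -Fq "addFlash(\"error\", json_encode(\$response->data['message']))"` only catches that exact spelling, so a reintroduction with single quotes, different whitespace or `json_encode($response->data)` passes the guard, while the positive greps are satisfied by the strings appearing in a comment. A pattern match on the shape of the regression is more robust, e.g. `if grep -Eq 'addFlash\(.*json_encode\(' "$target"; then`. The script also resolves `target` against the current directory, so it silently fails with a bare exit 1 when run from anywhere but the repo root; `target="$(cd "$(dirname "$0")/.." && pwd)/backend/controllers/BlogController.php"` removes that dependency.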