Merge pull request #2962 from coreshop/copilot/fix-information-exposure-issue

dpfaffenbauer · web-flow · commit 8af585be906b · 2026-01-30T08:37:46.000+01:00
Fix information exposure in OrderInvoiceController and OrderShipmentController
diff --git a/src/CoreShop/Bundle/OrderBundle/Controller/OrderInvoiceController.php b/src/CoreShop/Bundle/OrderBundle/Controller/OrderInvoiceController.php
@@ -187,8 +187,7 @@ public function renderAction(Request $request): Response
                     'Content-Disposition' => 'inline; filename="invoice-' . $invoice->getId() . '.pdf"',
                 ];
             } catch (\Exception $e) {
-                $responseData = '<strong>' . $e->getMessage() . '</strong><br>trace: ' . $e->getTraceAsString();
-                $header = ['Content-Type' => 'text/html'];
+                return new Response('An error occurred while rendering the invoice.', 500, ['Content-Type' => 'text/html']);
             }
 
             return new Response($responseData, 200, $header);
diff --git a/src/CoreShop/Bundle/OrderBundle/Controller/OrderShipmentController.php b/src/CoreShop/Bundle/OrderBundle/Controller/OrderShipmentController.php
@@ -183,8 +183,7 @@ public function renderAction(Request $request): Response
                     'Content-Disposition' => 'inline; filename="shipment-' . $shipment->getId() . '.pdf"',
                 ];
             } catch (\Exception $e) {
-                $responseData = '<strong>' . $e->getMessage() . '</strong><br>trace: ' . $e->getTraceAsString();
-                $header = ['Content-Type' => 'text/html'];
+                return new Response('An error occurred while rendering the shipment.', 500, ['Content-Type' => 'text/html']);
             }
 
             return new Response($responseData, 200, $header);

Original file line number	Diff line number	Diff line change
`@@ -187,8 +187,7 @@ public function renderAction(Request $request): Response`
`187`	`187`	`'Content-Disposition' => 'inline; filename="invoice-' . $invoice->getId() . '.pdf"',`
`188`	`188`	`];`
`189`	`189`	`} catch (\Exception $e) {`
`190`		`- $responseData = '<strong>' . $e->getMessage() . '</strong><br>trace: ' . $e->getTraceAsString();`
`191`		`- $header = ['Content-Type' => 'text/html'];`
	`190`	`+ return new Response('An error occurred while rendering the invoice.', 500, ['Content-Type' => 'text/html']);`
`192`	`191`	`}`
`193`	`192`
`194`	`193`	`return new Response($responseData, 200, $header);`
Original file line number	Diff line number	Diff line change
`@@ -183,8 +183,7 @@ public function renderAction(Request $request): Response`
`183`	`183`	`'Content-Disposition' => 'inline; filename="shipment-' . $shipment->getId() . '.pdf"',`
`184`	`184`	`];`
`185`	`185`	`} catch (\Exception $e) {`
`186`		`- $responseData = '<strong>' . $e->getMessage() . '</strong><br>trace: ' . $e->getTraceAsString();`
`187`		`- $header = ['Content-Type' => 'text/html'];`
	`186`	`+ return new Response('An error occurred while rendering the shipment.', 500, ['Content-Type' => 'text/html']);`
`188`	`187`	`}`
`189`	`188`
`190`	`189`	`return new Response($responseData, 200, $header);`