From 236585c20b6bf9435955dce5c896bf39fb995a0e Mon Sep 17 00:00:00 2001
From: Darshan
Date: Sat, 4 Oct 2025 18:38:35 +0530
Subject: [PATCH 1/2] fix: sanitize 5xx errors on realtime when running in production.
---
 app/realtime.php | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/app/realtime.php b/app/realtime.php
index bb0d4da78c..e0a776b85b 100644
--- a/app/realtime.php
+++ b/app/realtime.php
@@ -604,11 +604,18 @@ $server->onOpen(function (int $connection, SwooleRequest $request) use ($server,
 $code = 500;
 }
+ $message = $th->getMessage();
+
+ // sanitize 5xx errors
+ if ($code >= 500 && !App::isDevelopment()) {
+ $message = 'Error: Server Error';
+ }
+
 $response = [
 'type' => 'error',
 'data' => [
 'code' => $code,
- 'message' => $th->getMessage()
+ 'message' => $message
 ]
 ];
@@ -705,11 +712,19 @@ $server->onMessage(function (int $connection, string $message) use ($server, $re
 throw new Exception(Exception::REALTIME_MESSAGE_FORMAT_INVALID, 'Message type is not valid.');
 }
 } catch (Throwable $th) {
+ $code = $th->getCode();
+ $message = $th->getMessage();
+
+ // sanitize 5xx errors
+ if ($code >= 500 && !App::isDevelopment()) {
+ $message = 'Error: Server Error';
+ }
+
 $response = [
 'type' => 'error',
 'data' => [
- 'code' => $th->getCode(),
- 'message' => $th->getMessage()
+ 'code' => $code,
+ 'message' => $message
 ]
 ];
From 02b982f3a1f434c8ab1e35e125fae69b7713ef46 Mon Sep 17 00:00:00 2001
From: Darshan
Date: Mon, 6 Oct 2025 09:57:54 +0530
Subject: [PATCH 2/2] update: `code` fallback!
---
 app/realtime.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/app/realtime.php b/app/realtime.php
index e0a776b85b..fccf5c9a20 100644
--- a/app/realtime.php
+++ b/app/realtime.php
@@ -713,6 +713,10 @@ $server->onMessage(function (int $connection, string $message) use ($server, $re
 }
 } catch (Throwable $th) {
 $code = $th->getCode();
+ if (!is_int($code)) {
+ $code = 500;
+ }
+
 $message = $th->getMessage();
 // sanitize 5xx errors
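Review bot: The redaction block added in this onOpen hunk (`@@ -604,11 +604,18 @@`) is repeated line for line in the onMessage hunk of the same patch, and the two catch blocks had already drifted enough that PATCH 2/2 has to add a code fallback to onMessage alone. A rule that decides what error text leaves the server is safer kept in one place, so I would move it into a single helper that both `$response` arrays call once `$code` has been normalised to an int. The helper is also where the `// sanitize 5xx errors` comment can say why the text is withheld: 5xx messages can carry internal details that a client should not see. The catch block starts above this hunk, so how `$code` is derived here is not visible and the sketch takes it as an argument.

```php
// Text sent to realtime clients for a caught throwable. Raw 5xx text can carry
// internal details, so only development builds receive it verbatim.
function realtimeErrorMessage(int $code, Throwable $th): string
{
    if ($code >= 500 && !App::isDevelopment()) {
        return 'Error: Server Error';
    }

    return $th->getMessage();
}

// … unchanged: $response = [ 'type' => 'error', 'data' => [ 'code' => $code, …
        'message' => realtimeErrorMessage($code, $th)
```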
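Review bot: In the onMessage catch block (`@@ -705,11 +712,19 @@`) the test `$code >= 500` has no upper bound, so it also redacts exceptions thrown on purpose for the client whenever their code happens to be numerically above 500. The context line at the top of this hunk throws `Exception::REALTIME_MESSAGE_FORMAT_INVALID` with 'Message type is not valid.'; the code that type maps to is defined outside this diff, and if the realtime types use WebSocket-style close codes rather than HTTP statuses, production clients would now receive 'Error: Server Error' for a malformed message. Please confirm the mapping and add a test asserting that this validation text still reaches the client when `App::isDevelopment()` is false. The same check applies to the onOpen hunk.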
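Review bot: The new `is_int` fallback in onMessage (`@@ -713,6 +713,10 @@`) covers string codes but not the default integer code 0, which is what a throwable carries when it was raised without a code, as PHP's own `TypeError` and `Error` instances usually are. Such a throwable keeps `$code` at 0, fails `$code >= 500`, and its raw message is still sent to the client in production, which is the case most likely to contain internal detail. Widening the fallback to `if (!is_int($code) || $code === 0) {` closes that path. The onOpen handler sets its own `$code = 500` fallback above the first hunk of PATCH 1/2, so whether it has the same gap cannot be told from this page. The catch block continues below this hunk.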