From f559ec73e0dd44986735595210978af630e1b67a Mon Sep 17 00:00:00 2001
From: James Cole
Date: Sun, 10 Mar 2024 16:44:41 +0100
Subject: [PATCH] Add exception catch.
---
 app/Http/Middleware/SecureHeaders.php | 4 ++--
 app/Models/RuleAction.php | 28 +++++++++++++++++----------
 2 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/app/Http/Middleware/SecureHeaders.php b/app/Http/Middleware/SecureHeaders.php
index d5d29d02c6..cdc3f1b24e 100644
--- a/app/Http/Middleware/SecureHeaders.php
+++ b/app/Http/Middleware/SecureHeaders.php
@@ -50,12 +50,12 @@ class SecureHeaders
 $csp = [
 "default-src 'none'",
 "object-src 'none'",
- sprintf("script-src 'unsafe-eval' 'strict-dynamic' 'self' 'unsafe-inline' 'nonce-%1s' %2s", $nonce, $trackingScriptSrc),
+ sprintf("script-src 'unsafe-eval' 'strict-dynamic' 'nonce-%1s' %2s", $nonce, $trackingScriptSrc),
 "style-src 'unsafe-inline' 'self'",
 "base-uri 'self'",
 "font-src 'self' data:",
 sprintf("connect-src 'self' %s", $trackingScriptSrc),
- sprintf("img-src data: 'strict-dynamic' 'self' *.tile.openstreetmap.org %s", $trackingScriptSrc),
+ sprintf("img-src 'strict-dynamic' %s", $trackingScriptSrc),
 "manifest-src 'self'",
 ];
diff --git a/app/Models/RuleAction.php b/app/Models/RuleAction.php
index ae949c89d7..f5cf1bfccf 100644
--- a/app/Models/RuleAction.php
+++ b/app/Models/RuleAction.php
@@ -31,6 +31,8 @@ use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Casts\Attribute;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
+use Illuminate\Support\Facades\Log;
+use Symfony\Component\ExpressionLanguage\SyntaxError;
 /**
 * FireflyIII\Models\RuleAction 
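Review bot: In app/Http/Middleware/SecureHeaders.php the new `img-src` value lists only `'strict-dynamic'` and `$trackingScriptSrc`, and `'strict-dynamic'` is a script-loading keyword that browsers ignore inside `img-src`. `$trackingScriptSrc` is assigned outside the hunk, but whenever it is empty the directive matches no source at all, so same-origin images, `data:` images and the `*.tile.openstreetmap.org` tiles the old line allowed are all blocked. If that is not intended, keep an explicit narrow list, e.g. `sprintf("img-src 'self' data: %s", $trackingScriptSrc),`. The tightened `script-src` still carries `'unsafe-eval'`; a comment such as `// 'unsafe-eval' is required by <component>` next to it would record why it cannot be dropped.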
@@ -67,25 +69,31 @@ class RuleAction extends Model
 protected $casts = [
- 'created_at' => 'datetime',
- 'updated_at' => 'datetime',
- 'active' => 'boolean',
- 'order' => 'int',
- 'stop_processing' => 'boolean',
- ];
+ 'created_at' => 'datetime',
+ 'updated_at' => 'datetime',
+ 'active' => 'boolean',
+ 'order' => 'int',
+ 'stop_processing' => 'boolean',
+ ];
 protected $fillable = ['rule_id', 'action_type', 'action_value', 'order', 'active', 'stop_processing'];
 public function getValue(array $journal): string {
 if (false === config('firefly.feature_flags.expression_engine')) {
- \Log::debug('Expression engine is disabled, returning action value as string.');
+ Log::debug('Expression engine is disabled, returning action value as string.');
 return (string)$this->action_value;
 }
- $expr = new ActionExpression($this->action_value);
- $result = $expr->evaluate($journal);
- \Log::debug(sprintf('Expression engine is enabled, result of expression "%s" is "%s".', $this->action_value, $result));
+ $expr = new ActionExpression($this->action_value);
+
+ try {
+ $result = $expr->evaluate($journal);
+ } catch (SyntaxError $e) {
+ Log::error(sprintf('Expression engine failed to evaluate expression "%s" with error "%s".', $this->action_value, $e->getMessage()));
+ $result = (string)$this->action_value;
+ }
+ Log::debug(sprintf('Expression engine is enabled, result of expression "%s" is "%s".', $this->action_value, $result));
 return $result;
 }
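Review bot: In getValue() the new catch block assigns the raw action value to `$result` and then falls through to the `Log::debug` line that reports it as the result of the expression, so a failed evaluation is logged as a success and the unevaluated expression text is returned as the action value. Returning from the catch keeps the two outcomes apart: replace `$result = (string)$this->action_value;` with `return (string)$this->action_value;`. Only `SyntaxError` is caught; ActionExpression is not part of this diff, so whether evaluate() can raise other exception types that would still abort rule processing needs checking. Both log calls interpolate `action_value`, which is presumably user-supplied, into the message string; passing it as context, `Log::error('Expression engine failed to evaluate expression.', ['expression' => $this->action_value, 'error' => $e->getMessage()]);`, keeps line breaks in the value from forging log entries.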