r16944 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r16943‎ \| r16944 \| r16945 >
Date:	18:57, 11 October 2006
Author:	brion
Status:	old
Tags:
Comment:	* Disable PHP exception backtrace printing unless $wgShowExceptionDetails is set. Backtraces may contain sensitive information in function call parameters.
Modified paths:	/trunk/phase3/RELEASE-NOTES (modified) (history) /trunk/phase3/includes/DefaultSettings.php (modified) (history) /trunk/phase3/includes/Exception.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/DefaultSettings.php
—	—	@@ -790,6 +790,14 @@
791	791	$wgColorErrors = true;
792	792
793	793	/**
	794	+ * If set to true, uncaught exceptions will print a complete stack trace
	795	+ * to output. This should only be used for debugging, as it may reveal
	796	+ * private information in function parameters due to PHP's backtrace
	797	+ * formatting.
	798	+ */
	799	+$wgShowExceptionDetails = false;
	800	+
	801	+/**
794	802	* disable experimental dmoz-like category browsing. Output things like:
795	803	* Encyclopedia > Music > Style of Music > Jazz
796	804	*/
Index: trunk/phase3/includes/Exception.php
—	—	@@ -20,16 +20,28 @@
21	21	return wfMsgReplaceArgs( $fallback, $args );
22	22	}
23	23	}
24		-
	24	+
25	25	function getHTML() {
26		~~- return '<p>' . htmlspecialchars( $this->getMessage() ) .~~
27		~~- '</p><p>Backtrace:</p><p>' . nl2br( htmlspecialchars( $this->getTraceAsString() ) ) .~~
28		~~- "</p>\n";~~
	26	+ global $wgShowExceptionDetails;
	27	+ if( $wgShowExceptionDetails ) {
	28	+ return '<p>' . htmlspecialchars( $this->getMessage() ) .
	29	+ '</p><p>Backtrace:</p><p>' . nl2br( htmlspecialchars( $this->getTraceAsString() ) ) .
	30	+ "</p>\n";
	31	+ } else {
	32	+ return "<p>Set <b><tt>\$wgShowExceptionDetails = true;</tt></b> " .
	33	+ "in LocalSettings.php to show detailed debugging information.</p>";
	34	+ }
29	35	}
30	36
31	37	function getText() {
32		~~- return $this->getMessage() .~~
33		~~- "\nBacktrace:\n" . $this->getTraceAsString() . "\n";~~
	38	+ global $wgShowExceptionDetails;
	39	+ if( $wgShowExceptionDetails ) {
	40	+ return $this->getMessage() .
	41	+ "\nBacktrace:\n" . $this->getTraceAsString() . "\n";
	42	+ } else {
	43	+ return "<p>Set <tt>\$wgShowExceptionDetails = true;</tt> " .
	44	+ "in LocalSettings.php to show detailed debugging information.</p>";
	45	+ }
34	46	}
35	47
36	48	function getPageTitle() {
Index: trunk/phase3/RELEASE-NOTES
—	—	@@ -33,6 +33,9 @@
34	34	* Fix PHP notice and estimates for dumpBackup.php and friends
35	35	* Improved register_globals paranoia checks
36	36	* (bug 7545) Fix PHP version check on install
	37	+* Disable PHP exception backtrace printing unless $wgShowExceptionDetails
	38	+ is set. Backtraces may contain sensitive information in function call
	39	+ parameters.
37	40
38	41
39	42	== Languages updated ==