* Fix PHP notice and estimates for dumpBackup.php and friends
* Improved register_globals paranoia checks
* (bug 7545) Fix PHP version check on install
+* Disable PHP exception backtrace printing unless $wgShowExceptionDetails
+ is set. Backtraces may contain sensitive information in function call
+ parameters.
== Languages updated ==
*/
$wgColorErrors = true;
+/**
+ * If set to true, uncaught exceptions will print a complete stack trace
+ * to output. This should only be used for debugging, as it may reveal
+ * private information in function parameters due to PHP's backtrace
+ * formatting.
+ */
+$wgShowExceptionDetails = false;
+
/**
* disable experimental dmoz-like category browsing. Output things like:
* Encyclopedia > Music > Style of Music > Jazz
return wfMsgReplaceArgs( $fallback, $args );
}
}
-
+
function getHTML() {
- return '<p>' . htmlspecialchars( $this->getMessage() ) .
- '</p><p>Backtrace:</p><p>' . nl2br( htmlspecialchars( $this->getTraceAsString() ) ) .
- "</p>\n";
+ global $wgShowExceptionDetails;
+ if( $wgShowExceptionDetails ) {
+ return '<p>' . htmlspecialchars( $this->getMessage() ) .
+ '</p><p>Backtrace:</p><p>' . nl2br( htmlspecialchars( $this->getTraceAsString() ) ) .
+ "</p>\n";
+ } else {
+ return "<p>Set <b><tt>\$wgShowExceptionDetails = true;</tt></b> " .
+ "in LocalSettings.php to show detailed debugging information.</p>";
+ }
}
function getText() {
- return $this->getMessage() .
- "\nBacktrace:\n" . $this->getTraceAsString() . "\n";
+ global $wgShowExceptionDetails;
+ if( $wgShowExceptionDetails ) {
+ return $this->getMessage() .
+ "\nBacktrace:\n" . $this->getTraceAsString() . "\n";
+ } else {
+ return "<p>Set <tt>\$wgShowExceptionDetails = true;</tt> " .
+ "in LocalSettings.php to show detailed debugging information.</p>";
+ }
}
function getPageTitle() {