From d6a9f3a2f226de11156a94769acee11ed1b8d68e Mon Sep 17 00:00:00 2001
From: Kevin Israel
Date: Sun, 13 Oct 2013 08:09:36 -0400
Subject: [PATCH] Hide message for DBUnexpectedError exceptions
DBUnexpectedErrors are now treated like most other exceptions; we now hide the error messages (which could contain sensitive information such as IP addresses) unless $wgShowExceptionDetails is true. In that case, the messages (and redacted backtraces) would be shown even if $wgShowDBErrorBacktrace is false, though hiding them would add complexity to the exception handler for little benefit.
Bug: 26811
Change-Id: I063c241975ce5b12a04abc21821ac67c716b3d5e
---
 RELEASE-NOTES-1.23 | 3 +++
 includes/AutoLoader.php | 1 +
 includes/DefaultSettings.php | 5 +++++
 includes/db/DatabaseError.php | 15 ++++++++++++---
 4 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/RELEASE-NOTES-1.23 b/RELEASE-NOTES-1.23
index 382b54f06e..8d967f585d 100644
--- a/RELEASE-NOTES-1.23
+++ b/RELEASE-NOTES-1.23
@@ -151,6 +151,9 @@ production.
 message instead of leading the user to make a null edit.
 * (bug 52659) mediawiki.notification: Notification area remained visible when empty and thus was stealing pointer events from links on the page.
+* (bug 26811) When a DBUnexpectedError occurs, DB server hostnames are now
+ hidden unless $wgShowExceptionDetails is true, and $wgShowDBErrorBacktrace
+ no longer applies in such cases.
 === Web API changes in 1.23 ===
 * (bug 54884) action=parse&prop=categories now indicates hidden and missing
diff --git a/includes/AutoLoader.php b/includes/AutoLoader.php
index 3e3805b6de..87dc95d95e 100644
--- a/includes/AutoLoader.php
+++ b/includes/AutoLoader.php
@@ -449,6 +449,7 @@ $wgAutoloadLocalClasses = array(
 'DBConnectionError' => 'includes/db/DatabaseError.php',
 'DBConnRef' => 'includes/db/LoadBalancer.php',
 'DBError' => 'includes/db/DatabaseError.php',
+ 'DBExpectedError' => 'includes/db/DatabaseError.php',
 'DBObject' => 'includes/db/DatabaseUtility.php',
 'IDatabase' => 'includes/db/Database.php',
 'IORMRow' => 'includes/db/IORMRow.php',
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 4ad2188e4e..734c27ef0d 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -5015,6 +5015,11 @@ $wgShowExceptionDetails = false;
 /**
 * If true, show a backtrace for database errors
+ *
+ * @note This setting only applies when connection errors and query errors are
+ * reported in the normal manner. $wgShowExceptionDetails applies in other cases,
+ * including those in which an uncaught exception is thrown from within the
+ * exception handler.
 */
 $wgShowDBErrorBacktrace = false;
diff --git a/includes/db/DatabaseError.php b/includes/db/DatabaseError.php
index b4c73651d9..377aca15c3 100644
--- a/includes/db/DatabaseError.php
+++ b/includes/db/DatabaseError.php
@@ -38,7 +38,16 @@ class DBError extends MWException {
 $this->db = $db;
 parent::__construct( $error );
 }
+}
+/**
+ * Base class for the more common types of database errors. These are known to occur
+ * frequently, so we try to give friendly error messages for them.
+ *
+ * @ingroup Database
+ * @since 1.23
+ */
+class DBExpectedError extends DBError {
 /**
 * @return string
 */
@@ -80,14 +89,14 @@ class DBError extends MWException {
 * @return string
 */
 protected function getHTMLContent() {
- return '

' . nl2br( htmlspecialchars( $this->getMessage() ) ) . '

'; + return '

' . nl2br( htmlspecialchars( $this->getTextContent() ) ) . '

';
 }
 }
 /**
 * @ingroup Database
 */
-class DBConnectionError extends DBError {
+class DBConnectionError extends DBExpectedError {
 /** @var string Error text */
 public $error;
@@ -313,7 +322,7 @@ EOT;
 /**
 * @ingroup Database
 */
-class DBQueryError extends DBError {
+class DBQueryError extends DBExpectedError {
 public $error, $errno, $sql, $fname;
 /**
-- 
2.20.1
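Review bot: The new `DBExpectedError` docblock (hunk -38,7) should state that messages of this class are still meant to be shown to users by default, since after this change that is the security-relevant difference from a plain `DBError`. In the -80,14 hunk `getHTMLContent()` now escapes whatever `getTextContent()` returns, and that method's body is outside the hunk, so a subclass override that adds a server name, IP address or query text would presumably be rendered without any `$wgShowExceptionDetails` check. I would add to the class docblock: `Text from getTextContent()/getHTMLContent() is displayed even when $wgShowExceptionDetails is false; subclasses must keep hostnames, IP addresses and SQL out of it unless a debug setting allows them.` Subclasses that override `getHTMLContent()` should also keep the `htmlspecialchars()` escaping that this default applies.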