New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handle DB errors in categories search plugin #6710
Conversation
catch (RuntimeException $e) | ||
{ | ||
$rows = array(); | ||
JFactory::getApplication()->enqueueMessage($e->getMessage(), 'error'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is the point in catching the error if we are going to then show it in a system message? I think it should be sent to logs or at least check that the user has core.admin rights before showing the DB error.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well at least the page still renders :P But I agree with the point. Part of the issue is we don't want to show the database prefix to an average user. We need a more general error message and to ensure the DB failure is logged somewhere for admins
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
JDatabaseDriver already has logging mechanisms in place...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes. I tested that today when @wilsonge suggested it in Glip. Is not easy to understand but you can get the debug system plugin showing that kind of errors.
Is there a better way to do this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So for db exceptions we need to replace:
JFactory::getApplication()->enqueueMessage($e->getMessage(), 'error');
with:
if (JFactory::getUser()->authorise('core.admin'))
{
JFactory::getApplication()->enqueueMessage($e->getMessage(), 'error');
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it not be better to do that at the JModuleHelper level?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it's at the module rendering level I think it's not enough:
- It's not something that we can use everywhere (a recommended practice that we can document)
- Sometimes you want to return content even having an exception that requires admin review
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It isn't JModuleHelper's job to act as a global exception handler for
modules. Same as JComponentHelper doesn't for components.
The error message displayed to the user, if one is displayed, should
always be sanitized. IMO there isn't a need to wrap the enqueueMessage
call in a core.admin permission check. Use the logs for verbose error
logging with "sensitive" data.. In the UI, it is difficult to turn one on,
I agree, but the code structure is already present to use this stuff.
Let's not make things more difficult than we need to please.
On Friday, April 10, 2015, George Wilson notifications@github.com wrote:
In plugins/search/categories/categories.php
#6710 (comment):@@ -169,7 +169,15 @@ public function onContentSearch($text, $phrase = '', $ordering = '', $areas = nu
}$db->setQuery($query, 0, $limit);
$rows = $db->loadObjectList();
try
{
$rows = $db->loadObjectList();
}
catch (RuntimeException $e)
{
$rows = array();
JFactory::getApplication()->enqueueMessage($e->getMessage(), 'error');
Would it not be better to do that at the JModuleHelper level?
—
Reply to this email directly or view it on GitHub
https://github.com/joomla/joomla-cms/pull/6710/files#r28108367.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with Michael. Don't show the query error to the user. Just show a generic message "Oops, the database query failed. Please notifiy the administrator." Or something like that. I wouldn't add ACL checks for that kind of things.
We could add docs for the administrator how to get the full error.
The errors should be logged and currently that requires proper configuration of debug. Consider that not sufficient. The product should have a logger enabled for errors. |
It can be default enabled but there are conditions to keep in mind:
On Friday, April 10, 2015, sovainfo notifications@github.com wrote:
|
the point is how the core modules,plugins,ect handle db errors ( #6591 ) ? showing a generic message JFactory::getApplication()->enqueueMessage('blah blah ', 'warning'); or something different like if (JFactory::getUser()->authorise('core.admin'))
{
JLog::addLogger("blla bla");
........
} i would prefer the keep it simplest stupid "bla bla" msg but not sure to understand what exactly is the "family feeling" i'm missing something? p.s |
Me and @roland-d just had a chat about this. We have made an executive call that we show a generic "blah blah" message to users and then just add the exception message into the Logs. Just make sure it isn't in a category that will be shown to the frontend user. |
showing a generic msg to user log the error
done |
I think probably something different. I'll ping @brianteeman in the language string group on glip |
@wilsonge Any update on this? |
@brianteeman recommended as it's a string to frontend users we either display a hugely simplified string of "There has been an error" or don't show a string at all. |
@@ -169,7 +169,16 @@ public function onContentSearch($text, $phrase = '', $ordering = '', $areas = nu | |||
} | |||
|
|||
$db->setQuery($query, 0, $limit); | |||
$rows = $db->loadObjectList(); | |||
try |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@alikon Can you please add an empty line before try so we stick to the codestyle. Thanks.
@test Works as described, after generating an error, I get a simple error message that the database connection is not there. To test, I changed the plugins/search/categories/categories.php file on line 152 and changed THEN to THN. On the frontend, I used the search function to search categories only and received the error page with a large DB query. After applying the patch and making the same change, I now receive a graceful message. |
@alikon There are a lot of these db PRs. Is there a comprehensive list with all of them that should be tested? |
@roland-d my search string
;) |
Did same testing procedure like @roland-d - successfull This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/6710. |
RTC 😄 This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/6710. |
Closing in favour of #7073 |
updated to handle DB errors like #6612, #6632 and for #6591
Testing info
simulate a db error