Handle DB errors in categories search plugin #6710
Conversation
| catch (RuntimeException $e) | ||
| { | ||
| $rows = array(); | ||
| JFactory::getApplication()->enqueueMessage($e->getMessage(), 'error'); |
There was a problem hiding this comment.
What is the point in catching the error if we are going to then show it in a system message? I think it should be sent to logs or at least check that the user has core.admin rights before showing the DB error.
There was a problem hiding this comment.
Well at least the page still renders :P But I agree with the point. Part of the issue is we don't want to show the database prefix to an average user. We need a more general error message and to ensure the DB failure is logged somewhere for admins
There was a problem hiding this comment.
JDatabaseDriver already has logging mechanisms in place...
There was a problem hiding this comment.
yes. I tested that today when @wilsonge suggested it in Glip. Is not easy to understand but you can get the debug system plugin showing that kind of errors.
Is there a better way to do this?
There was a problem hiding this comment.
So for db exceptions we need to replace:
JFactory::getApplication()->enqueueMessage($e->getMessage(), 'error');with:
if (JFactory::getUser()->authorise('core.admin'))
{
JFactory::getApplication()->enqueueMessage($e->getMessage(), 'error');
}There was a problem hiding this comment.
Would it not be better to do that at the JModuleHelper level?
There was a problem hiding this comment.
If it's at the module rendering level I think it's not enough:
- It's not something that we can use everywhere (a recommended practice that we can document)
- Sometimes you want to return content even having an exception that requires admin review
There was a problem hiding this comment.
It isn't JModuleHelper's job to act as a global exception handler for
modules. Same as JComponentHelper doesn't for components.
The error message displayed to the user, if one is displayed, should
always be sanitized. IMO there isn't a need to wrap the enqueueMessage
call in a core.admin permission check. Use the logs for verbose error
logging with "sensitive" data.. In the UI, it is difficult to turn one on,
I agree, but the code structure is already present to use this stuff.
Let's not make things more difficult than we need to please.
On Friday, April 10, 2015, George Wilson notifications@github.com wrote:
In plugins/search/categories/categories.php
#6710 (comment):@@ -169,7 +169,15 @@ public function onContentSearch($text, $phrase = '', $ordering = '', $areas = nu
}$db->setQuery($query, 0, $limit);
$rows = $db->loadObjectList();try{$rows = $db->loadObjectList();}catch (RuntimeException $e){$rows = array();JFactory::getApplication()->enqueueMessage($e->getMessage(), 'error');Would it not be better to do that at the JModuleHelper level?
—
Reply to this email directly or view it on GitHub
https://github.com/joomla/joomla-cms/pull/6710/files#r28108367.
There was a problem hiding this comment.
I agree with Michael. Don't show the query error to the user. Just show a generic message "Oops, the database query failed. Please notifiy the administrator." Or something like that. I wouldn't add ACL checks for that kind of things.
We could add docs for the administrator how to get the full error.
|
The errors should be logged and currently that requires proper configuration of debug. Consider that not sufficient. The product should have a logger enabled for errors. |
|
It can be default enabled but there are conditions to keep in mind:
On Friday, April 10, 2015, sovainfo notifications@github.com wrote:
|
|
Guess you missed the second word: ERROR |
|
the point is how the core modules,plugins,ect handle db errors ( #6591 ) ? showing a generic message JFactory::getApplication()->enqueueMessage('blah blah ', 'warning');or something different like if (JFactory::getUser()->authorise('core.admin'))
{
JLog::addLogger("blla bla");
........
}i would prefer the keep it simplest stupid "bla bla" msg but not sure to understand what exactly is the "family feeling" i'm missing something? p.s |
|
Me and @roland-d just had a chat about this. We have made an executive call that we show a generic "blah blah" message to users and then just add the exception message into the Logs. Just make sure it isn't in a category that will be shown to the frontend user. |
showing a generic msg to user log the error
|
done |
|
I think probably something different. I'll ping @brianteeman in the language string group on glip |
|
@wilsonge Any update on this? |
|
@brianteeman recommended as it's a string to frontend users we either display a hugely simplified string of "There has been an error" or don't show a string at all. |
| @@ -169,7 +169,16 @@ public function onContentSearch($text, $phrase = '', $ordering = '', $areas = nu | |||
| } | |||
|
|
|||
| $db->setQuery($query, 0, $limit); | |||
| $rows = $db->loadObjectList(); | |||
| try | |||
There was a problem hiding this comment.
@alikon Can you please add an empty line before try so we stick to the codestyle. Thanks.
|
@test Works as described, after generating an error, I get a simple error message that the database connection is not there. To test, I changed the plugins/search/categories/categories.php file on line 152 and changed THEN to THN. On the frontend, I used the search function to search categories only and received the error page with a large DB query. After applying the patch and making the same change, I now receive a graceful message. |
|
@alikon There are a lot of these db PRs. Is there a comprehensive list with all of them that should be tested? |
|
@roland-d my search string ;) |
|
Did same testing procedure like @roland-d - successfull This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/6710. |
|
RTC 😄 This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/6710. |
|
Closing in favour of #7073 |
updated to handle DB errors like #6612, #6632 and for #6591
Testing info
simulate a db error