Respect the error_reporting ini setting so that the full details of the ... #1

Merged
merged 4 commits into from Jan 29, 2013

Conversation

Projects
None yet
3 participants
@nburka
Contributor

nburka commented Jan 16, 2013

...error code including stack-trace isn't displayed publicly on a live site

Respect the error_reporting ini setting so that the full details of t…
…he error code including stack-trace isn't displayed publicly on a live site
@gauthierm

This comment has been minimized.

Show comment Hide comment
@gauthierm

gauthierm Jan 16, 2013

Member

This change prevents all fault codes from being displayed if display_errors is off. In some situations, you want to display friendly errors to the consumers of your live API.

The display_errors check would be better in the XML_RPC2_Backend_Xmlrpcext_Server::getResponse() and XML_RPC2_Backend_Php_Server::getResponse() general exception catch.

Member

gauthierm commented Jan 16, 2013

This change prevents all fault codes from being displayed if display_errors is off. In some situations, you want to display friendly errors to the consumers of your live API.

The display_errors check would be better in the XML_RPC2_Backend_Xmlrpcext_Server::getResponse() and XML_RPC2_Backend_Php_Server::getResponse() general exception catch.

nburka added some commits Jan 17, 2013

Revert "Respect the error_reporting ini setting so that the full deta…
…ils of the error code including stack-trace isn't displayed publicly on a live site"

This reverts commit a0ab8ed.
Respect the error_reporting ini setting so that the full details of t…
…he error code including stack-trace isn't displayed publicly on a live site. Handle just default php Exceptions in the try/catch blocks of the server backends.
@CloCkWeRX

This comment has been minimized.

Show comment Hide comment
@CloCkWeRX

CloCkWeRX Jan 28, 2013

Member

I'm not really comfortable with the changes - what exceptions are you seeing which aren't being handled correctly?

Member

CloCkWeRX commented Jan 28, 2013

I'm not really comfortable with the changes - what exceptions are you seeing which aren't being handled correctly?

@gauthierm

This comment has been minimized.

Show comment Hide comment
@gauthierm

gauthierm Jan 28, 2013

This could say "Unhandled PHP Exception" instead of empty string.

This could say "Unhandled PHP Exception" instead of empty string.

@gauthierm

This comment has been minimized.

Show comment Hide comment
@gauthierm

gauthierm Jan 28, 2013

Member

CloCkWeRX, the change is intended to prevent full stack traces being returned by the XML-RPC server when display_errors is off. Stack traces are excellent for development, but on a live system you don't want to expose the internals of your app via the XML-RPC API. The display_errors PHP ini setting is usually used to achieve this.

Member

gauthierm commented Jan 28, 2013

CloCkWeRX, the change is intended to prevent full stack traces being returned by the XML-RPC server when display_errors is off. Stack traces are excellent for development, but on a live system you don't want to expose the internals of your app via the XML-RPC API. The display_errors PHP ini setting is usually used to achieve this.

CloCkWeRX added a commit that referenced this pull request Jan 29, 2013

Merge pull request #1 from nburka/trunk
Respect the error_reporting ini setting so that the full details of the ...

@CloCkWeRX CloCkWeRX merged commit 4be2d64 into pear:trunk Jan 29, 2013

gauthierm pushed a commit to gauthierm/XML_RPC2 that referenced this pull request Oct 27, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment