Re: RFC: Change default of XH_debugmode()
Posted: Tue Apr 15, 2014 10:43 pm
Well, I believe changing the default of XH_debugmode() is neither sensible nor necessary for what I had in mind. Actually I was and still am concerned about fatal errors (E_ERROR, E_PARSE and may some more). As Holger had already pointed out, these would be shown, indepent of the user being logged in as admin, when the debug mode is enabled, but it is better to suppress such messages for security reasons ("don't reveal internals to outsiders"). So usually debug mode should be disabled on a production server.
The solution would be to avoid the particular error message, but to display that such a fatal error occured, and to instruct the user about the debug mode for further information (perhaps a link to our forum might be appropriate, too). This could be accomplished by registering a shutdown handler (as fatal errors can't be caught by an error handler), and to check whether there was a fatal error at all. A rough outline for insertion to cms.php (or maybe even better to the index.php's):
As error_get_last() is available since PHP 5.2 only, users of older PHP version won't benefit, but those should better update anyway.
What do you think?
The solution would be to avoid the particular error message, but to display that such a fatal error occured, and to instruct the user about the debug mode for further information (perhaps a link to our forum might be appropriate, too). This could be accomplished by registering a shutdown handler (as fatal errors can't be caught by an error handler), and to check whether there was a fatal error at all. A rough outline for insertion to cms.php (or maybe even better to the index.php's):
Code: Select all
function shutdown()
{
$lastError = error_get_last();
if (in_array($lastError['type'], array(E_ERROR, E_PARSE))) {
echo 'A fatal error occured ...';
}
}
if (function_exists('error_get_last')) {
register_shutdown_function('shutdown');
}What do you think?