avoid SPL exception display db connect data

2013-04-07 17:23:10 +02:00 · 2013-04-07 17:23:10 +02:00 · 1e5c38d065
commit 1e5c38d065
parent 9d8829f0df
2 changed files with 20 additions and 4 deletions
--- a/include/compat.inc.php
+++ b/include/compat.inc.php
@ -103,19 +103,34 @@ if (!function_exists('errorToExceptionHandler')) {
            echo '<pre>';
            // trying to be as detailled as possible - but beware using args containing sensibel data like passwords
            if (function_exists('debug_backtrace') && version_compare(PHP_VERSION, '5.3.6') >= 0) {
-                $debugbacktrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
+                if ( version_compare(PHP_VERSION, '5.4') >= 0 ) { 
+                    $debugbacktrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 8);
+                } else {
+                    $debugbacktrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
+                }
                print_r($debugbacktrace);
            }
-
-            throw new ErrorException($errStr); // tracepath = all, if not ini_set('display_errors', 0);
+            if (!S9Y_DBCON_HALT_ERROR) {
+                // debugbacktrace is nice, but additional it is good to have the verbosity of SPL EXCEPTIONS for db connect errors
+                throw new ErrorException($errStr); // tracepath = all, if not ini_set('display_errors', 0);
+            } else {
+                echo '<p>' . $errStr . ' in ' . $errFile . ' on line ' . $errLine . '</p>';
+            }
            echo '</pre>'; // if using throw new ... this ending tag will not be send and displayed, but it still looks better and browsers don't really care
+            exit; // make sure to exit in case of database connection errors.
        }
        if ($serendipity['production'] === false) { 
            echo '<p> == TESTING ERROR MODE == </p>';
            echo '<pre>';
            //print_r($args); // do this in strong test environments only, as containing sensible data! Better use debug!
-            throw new ErrorException("Serendipity error: " . $errStr); // tracepath = all; 
+            if (!S9Y_DBCON_HALT_ERROR) {
+                // debugbacktrace is nice, but additional it is good to have the verbosity of SPL EXCEPTIONS for db connect errors
+                throw new ErrorException($errStr); // tracepath = all, if not ini_set('display_errors', 0);
+            } else {
+                echo '<p>' . $errStr . ' in ' . $errFile . ' on line ' . $errLine . '</p>';
+            }
            echo '</pre>'; // if using throw new ... this ending tag will not be send and displayed, but it still looks better and browsers don't really care
+            exit; // make sure to exit in case of database connection errors.
        } 
        if ($serendipity['production'] === true) { 
            // ToDo: enhance for more special serendipity error needs
--- a/serendipity_config.inc.php
+++ b/serendipity_config.inc.php
@ -288,6 +288,7 @@ if (serendipity_FUNCTIONS_LOADED !== true) {
 if (!serendipity_db_connect()) {
    $serendipity['lang'] = 'en';
    include(S9Y_INCLUDE_PATH . 'include/lang.inc.php');
+    define('S9Y_DBCON_HALT_ERROR', true);
    serendipity_die(DATABASE_ERROR);
 }