You are viewing this forum as a guest. Login to an existing account, or create a new account, to reply to topics and to create new topics.
Well, its been a while, but its my turn to ask for a bit of help. In version 5.1, when an error is encountered in the code, it is written to the page, generally in a comment block in the HTML. This happens for example, when there is a database error, such as might happen if the MySQL server was down for a minute. It is useful information for debugging; but the trouble is, the error message gives away rather a lot of sensitive information about database name, user name, paths, etc. I'm going to write a mod to make it possible to turn that debugging information on or off, but I need a bit of information about how the error is written into the code. Does anyone know what subroutine would write that information to the page? Any starting points at all? Thanks in advance for any assistance and of course, I'll share the mod when it is complete.
Thanks,
Rachael
EDIT: The error message I got that triggered the concern was due to a momentary DB server outage and was as follows (edited to remove sensitive info):
Script Execution Error The following error was just encountered: DBI connect('host=localhost;database=database_name_shown_here,'username_was_shown_here',...) failed: Can't connect to local MySQL server through socket '/path/shown/here/mysql.sock' (2) at /more/important/path/shown/here/database.pl line 232
Last edited by rachaelseven (01-08-2008 09:05:49)
Offline
My first guess is in display.pl, subroutine display_print_sub, this bit of code...
if ($@) { if ($display_array_filename !~ /^ste_mail_/) { print "<!-- DISPLAY ERROR: SUBROUTINE $display_subroutine GENERATED MESSAGE: $@ -->"; } ######### End of if statement. } ######### End of if statment.
Can Nick or anyone confirm if I'm looking in the right place? My thought is just to add a setting in the global settings page that will allow me to turn off the error reporting by checking the setting in the if statement before printing it. Any comments?
Offline
Ok, I've taken a stab at this, but would appreciate confirmation before I upload the changed files. What I have done is to find in display.pl each instance of:
if ($display_array_filename !~ /^ste_mail_/) { print "<!--
and change it to:
if ($display_array_filename !~ /^ste_mail_/ && $site_print_debugging eq "Y") { print "<!--
Then, I edited settings.csv to add the following line:
site_print_debugging,PROGRAM,Enable Debugging HTML Comments,N,SELECT-CUSTOM,Yes:Y|No:N,Y
Seems reasonable to me, but I'm hesitating to test it until I get a bit of feedback. Thanks!
Offline
Well, tested and seems to work fine. So if you want to add an admin setting to enable or disable the error messages in the HTML comments, give the above mod a try. Of course, this is an unofficial mod, so be sure to back up everything, test thoroughly, and use at your own risk.
Offline
Hi,
So when the setting is disabled - what is shown to the user when there is an error? is it just a blank page?
Offline
Hi Charlie,
It doesn't have any effect on what's shown to the user - it just takes out the HTML comments that tend to give away too much information for my taste.
Offline
Hi Rachael,
I was thinking that is the one that displays info in black text on a white page when there is an error - maybe thats from the web host company???
Offline
Hi Charlie,
The generic "500" errors are from the hosting company. You can create a custom error page through your host to mitigate that one. The other black on white page that comes up that has the message about the directories being set incorrectly is from cp-app.cgi and really cannot be readily changed.
Offline
Rachael,
You might want to modify your code to send an email to the site admin upon a display error vs. suppressing the error alltogether. This would ensure the integrity of your mod while not bypassing error checking. As far as the advise request goes, you went straight to the correct place and your logic seems fine.
-Stephen
Offline
That's a good suggestion, Stephen. In fact, I think I do have a rudimentary email-the-administrator bit in my personal version of the code. This is a pretty old post though, and if someone needs that functionality (which I agree is as good idea), I'll recommend they speak with you about a proper implementation.
Offline