Many developers use the JError::raiseError to show errors and redirect users to the default Joomla! 403/404 pages. Sometimes JError::raiseError shows backtrace information when the module which uses JError::raiseError is configured to use certain module positions.
For example when a module which uses JError::raiseError is configured to use the "Debug" position it shows the backtrace and the end users see the information on the front page. If such module uses the "Search" position the backtrace is not displayed. The same behavior is valid for other module positions.
Check the screenshot for more info.
I believe that the JError::raiseError legacy class should not show the backtrace by default in any cases.
The backtrace is displayed in some cases.
CentOS
PHP 5.5
MySQL 5.5
None
Actually, JError shouldn't be used anymore as it is deprecated in favor of Exceptions. So best fix would be to actually remove the calls and change them to Exceptions or just enqueue a message.
Can I close this then?
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/4762.
The issue is valid, but the solution is to change instances of JError to either Exceptions or regular messages. Juts needs someone to do it
I don't think this report is valid. First of all, the backtrace is displayed on the 404 page in the debug position and not in search, because there is no search module position on the 404 page. Second of all, the backtrace, as far as I can see it, is only displayed when debugging is enabled. I could not replicate getting a backtrace when debugging is not enabled.
Labels |
Added:
?
|
Status | New | ⇒ | Information Required |
Is this still a valid issue - its been almost a year since the last comment
Would it be worth doing a mass search and replace of JError::raiseError
with JFactory::getApplication()->enqueueMessage
and determine cases needing Exception handling later?
I wouldn't go that route. JError::raiseError()
, the way the handlers are configured in the application bootstrap, is meant to redirect immediately to the error page and end processing. Enqueuing a message without altering what happens after that can result in unexpected behaviors. JError::raiseError()
should probably map to Exceptions being thrown instead of just enqueuing a message. Problem is there is so much code in the CMS that expects JError style handling or doesn't handle errors at all that you're looking at a rather large project with no simple fix which is why PRs like #8130 get accepted as massive hacks to mask the poor error handling in general.
Would the more correct replacement for:
JError::raiseError(403, JText::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'));
be along the lines of:
throw new Exception(JText::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'), 403);
(of course I'm not sure where the exception catch in the CMS would happen, or if an exception catch would need to be added along with the JError replacements)
Thank you for creating this but based on the comments above about jerror I am closing this
Status | Information Required | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2016-05-08 15:20:26 |
Closed_By | ⇒ | brianteeman |
Here is a screenshot:
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/4762.