From ab190206e75a11316753a73decffd5516e6945b9 Mon Sep 17 00:00:00 2001 From: Angie Byron Date: Sat, 16 Oct 2010 00:00:17 +0000 Subject: #642160 by boombatower, Damien Tournoud: Make debug() message more usable. --- includes/errors.inc | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) (limited to 'includes/errors.inc') diff --git a/includes/errors.inc b/includes/errors.inc index 990f60cfd..235c16141 100644 --- a/includes/errors.inc +++ b/includes/errors.inc @@ -70,10 +70,16 @@ function _drupal_error_handler_real($error_level, $message, $filename, $line, $c list($severity_msg, $severity_level) = $types[$error_level]; $caller = _drupal_get_last_caller(debug_backtrace()); + if (!function_exists('filter_xss_admin')) { + require_once DRUPAL_ROOT . '/includes/common.inc'; + } + // We treat recoverable errors as fatal. _drupal_log_error(array( '%type' => isset($types[$error_level]) ? $severity_msg : 'Unknown error', - '%message' => $message, + // The standard PHP error handler considers that the error messages + // are HTML. We mimick this behavior here. + '!message' => filter_xss_admin($message), '%function' => $caller['function'], '%file' => $caller['file'], '%line' => $caller['line'], @@ -118,7 +124,9 @@ function _drupal_decode_exception($exception) { return array( '%type' => get_class($exception), - '%message' => $message, + // The standard PHP exception handler considers that the exception message + // is plain-text. We mimick this behavior here. + '!message' => check_plain($message), '%function' => $caller['function'], '%file' => $caller['file'], '%line' => $caller['line'], @@ -135,7 +143,7 @@ function _drupal_decode_exception($exception) { * An error message. */ function _drupal_render_exception_safe($exception) { - return check_plain(strtr('%type: %message in %function (line %line of %file).', _drupal_decode_exception($exception))); + return check_plain(strtr('%type: !message in %function (line %line of %file).', _drupal_decode_exception($exception))); } /** @@ -165,7 +173,9 @@ function error_displayable($error = NULL) { * Log a PHP error or exception, display an error page in fatal cases. * * @param $error - * An array with the following keys: %type, %message, %function, %file, %line. + * An array with the following keys: %type, !message, %function, %file, %line. + * All the parameters are plain-text, exception message, which needs to be + * a safe HTML string. * @param $fatal * TRUE if the error is fatal. */ @@ -188,7 +198,7 @@ function _drupal_log_error($error, $fatal = FALSE) { // as it uniquely identifies each PHP error. static $number = 0; $assertion = array( - $error['%message'], + $error['!message'], $error['%type'], array( 'function' => $error['%function'], @@ -200,7 +210,7 @@ function _drupal_log_error($error, $fatal = FALSE) { $number++; } - watchdog('php', '%type: %message in %function (line %line of %file).', $error, $error['severity_level']); + watchdog('php', '%type: !message in %function (line %line of %file).', $error, $error['severity_level']); if ($fatal) { drupal_add_http_header('Status', '500 Service unavailable (with message)'); @@ -209,7 +219,7 @@ function _drupal_log_error($error, $fatal = FALSE) { if (drupal_is_cli()) { if ($fatal) { // When called from CLI, simply output a plain text message. - print html_entity_decode(strip_tags(t('%type: %message in %function (line %line of %file).', $error))). "\n"; + print html_entity_decode(strip_tags(t('%type: !message in %function (line %line of %file).', $error))). "\n"; exit; } } @@ -217,7 +227,7 @@ function _drupal_log_error($error, $fatal = FALSE) { if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') { if ($fatal) { // When called from JavaScript, simply output the error message. - print t('%type: %message in %function (line %line of %file).', $error); + print t('%type: !message in %function (line %line of %file).', $error); exit; } } @@ -234,7 +244,7 @@ function _drupal_log_error($error, $fatal = FALSE) { $class = 'status'; } - drupal_set_message(t('%type: %message in %function (line %line of %file).', $error), $class); + drupal_set_message(t('%type: !message in %function (line %line of %file).', $error), $class); } if ($fatal) { -- cgit v1.2.3