PleaseStand has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/52029


Change subject: Hide server IP addresses from DB error pages
......................................................................

Hide server IP addresses from DB error pages

* Added new messages 'dberr-info-hidden', 'dberrortext-hidden',
  and 'dberrortextcl-hidden'.
* Error details are only omitted if $wgShowHostnames is false, so
  they will still be available to users of WMF wikis.
* Synchronized the existing fallback messages with MessagesEn.php,
  except in cases of insignificant whitespace changes.
* English DB connection errors will still appear on non-English wikis
  because bypassing LCStore_DB, necessary when the DB is down,
  might be a bit too hackish.

Bug: 26811
Change-Id: I1756b296d5e8d1d22511a3c3b58b5bb0dd025fec
---
M RELEASE-NOTES-1.21
M includes/db/DatabaseError.php
M languages/messages/MessagesEn.php
M languages/messages/MessagesQqq.php
M maintenance/language/messages.inc
5 files changed, 37 insertions(+), 17 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/29/52029/1

diff --git a/RELEASE-NOTES-1.21 b/RELEASE-NOTES-1.21
index 3471dbe..45f8495 100644
--- a/RELEASE-NOTES-1.21
+++ b/RELEASE-NOTES-1.21
@@ -187,6 +187,8 @@
   "password mismatch" error.
 * (bug 44599) On Special:Version, HEADs for submodule checkouts (e.g. for
   extensions) performed using Git 1.7.8+ should now appear.
+* (bug 26811) On database error pages, server IP addresses are now hidden
+  from view (in most cases) when $wgShowHostnames is false.
 
 === API changes in 1.21 ===
 * prop=revisions can now report the contentmodel and contentformat.
diff --git a/includes/db/DatabaseError.php b/includes/db/DatabaseError.php
index 18b2733..4968f8c 100644
--- a/includes/db/DatabaseError.php
+++ b/includes/db/DatabaseError.php
@@ -96,11 +96,12 @@
 
                if ( trim( $error ) != '' ) {
                        $msg .= ": $error";
+               } else {
+                       $error = $this->db->getServer();
                }
 
-               $this->error = $error;
-
                parent::__construct( $db, $msg );
+               $this->error = $error;
        }
 
        /**
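Review bot: The added `else` branch calls `$this->db->getServer()` before `parent::__construct( $db, $msg )` has run, so if `$this->db` is only assigned by the parent constructor (not visible in this hunk) the call dereferences an unset property and the error page itself fails. Use the constructor argument and guard for a missing handle instead: `} elseif ( $db ) {` followed by `$error = $db->getServer();`. Note also that `$msg` still embeds `$error` whenever it is non-empty, so the exception message handed to the parent can carry the host or IP into any other renderer or log that prints it; it is worth confirming those paths honour `$wgShowHostnames`. The constructor's signature lies outside the hunk.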
@@ -141,39 +142,40 @@
         * @return string
         */
        function getPageTitle() {
-               global $wgSitename;
-               return htmlspecialchars( $this->msg( 'dberr-header', 
"$wgSitename has a problem" ) );
+               return $this->msg( 'dberr-header', 'This wiki has a problem' );
        }
 
        /**
         * @return string
         */
        function getHTML() {
-               global $wgShowDBErrorBacktrace;
+               global $wgShowDBErrorBacktrace, $wgShowHostnames;
 
                $sorry = htmlspecialchars( $this->msg( 'dberr-problems', 
'Sorry! This site is experiencing technical difficulties.' ) );
                $again = htmlspecialchars( $this->msg( 'dberr-again', 'Try 
waiting a few minutes and reloading.' ) );
-               $info  = htmlspecialchars( $this->msg( 'dberr-info', '(Can\'t 
contact the database server: $1)' ) );
+
+               if ( $wgShowHostnames ) {
+                       $info = str_replace(
+                               '$1', Html::element( 'span', array( 'dir' => 
'ltr' ), $this->error ),
+                               htmlspecialchars( $this->msg( 'dberr-info', 
'(Cannot contact the database server: $1)' ) )
+                       );
+               } else {
+                       $info = htmlspecialchars( $this->msg( 
'dberr-info-hidden', '(Cannot contact the database server)' ) );
+               }
 
                # No database access
                MessageCache::singleton()->disable();
 
-               if ( trim( $this->error ) == '' ) {
-                       $this->error = $this->db->getProperty( 'mServer' );
-               }
-
-               $this->error = Html::element( 'span', array( 'dir' => 'ltr' ), 
$this->error );
-
-               $noconnect = 
"<h1>$sorry</h1><p>$again</p><p><small>$info</small></p>";
-               $text = str_replace( '$1', $this->error, $noconnect );
+               $text = 
"<h1>$sorry</h1><p>$again</p><p><small>$info</small></p>";
 
                if ( $wgShowDBErrorBacktrace ) {
                        $text .= '<p>Backtrace:</p><p>' . nl2br( 
htmlspecialchars( $this->getTraceAsString() ) );
                }
 
-               $extra = $this->searchForm();
+               $text .= '<hr />';
+               $text .= $this->searchForm();
 
-               return "$text<hr />$extra";
+               return $text;
        }
 
        public function reportHTML() {
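Review bot: `getPageTitle()` now returns `$this->msg( 'dberr-header', ... )` without `htmlspecialchars()`, while every message in `getHTML()` is still escaped where it is used, so the title's output encoding now depends on callers outside this hunk. If any caller writes the title straight into markup, keep the escape with `return htmlspecialchars( $this->msg( 'dberr-header', 'This wiki has a problem' ) );`; otherwise state the contract in the docblock, e.g. `@return string Plain text, not HTML-escaped; the caller must escape it`. Separately, in `getHTML()` the `$wgShowDBErrorBacktrace` block is emitted regardless of `$wgShowHostnames`, and a stack trace can include call arguments, so the server address may still reach the page when the backtrace is enabled and hostnames are meant to be hidden. `reportHTML()` begins on the last line of the hunk and its body is not visible.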
@@ -306,7 +308,12 @@
         * @return string
         */
        function getContentMessage( $html ) {
+               global $wgShowHostnames;
+
                if ( $this->useMessageCache() ) {
+                       if ( !$wgShowHostnames ) {
+                               return wfMessage( $html ? 'dberrortext-hidden' 
: 'dberrortextcl-hidden' )->text();
+                       }
                        if ( $html ) {
                                $msg = 'dberrortext';
                                $sql = htmlspecialchars( $this->getSQL() );
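Review bot: The `!$wgShowHostnames` check sits inside `if ( $this->useMessageCache() )`, so it only covers the path where localisation is available; whatever the function returns when `useMessageCache()` is false lies outside this hunk and presumably still carries the SQL text and driver error. Consider hoisting the check above the `useMessageCache()` test and returning a literal fallback string when the cache is unusable, so the degraded path does not reveal more than the normal one. The docblock should also say that `$wgShowHostnames = false` suppresses the query, function name and error text rather than host names only, e.g. `Details (SQL, function, error) are omitted unless $wgShowHostnames is true.`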
diff --git a/languages/messages/MessagesEn.php 
b/languages/messages/MessagesEn.php
index 21bbc73..dc027e8 100644
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -983,11 +983,14 @@
 <blockquote><code>$1</code></blockquote>
 from within function "<code>$2</code>".
 Database returned error "<samp>$3: $4</samp>".',
+'dberrortext-hidden'            => 'A database query syntax error has occurred.
+This may indicate a bug in the software.',
 'dberrortextcl'                 => 'A database query syntax error has occurred.
 The last attempted database query was:
 "$1"
 from within function "$2".
 Database returned error "$3: $4"',
+'dberrortextcl-hidden'          => 'A database query syntax error has 
occurred.',
 'laggedslavemode'               => "'''Warning:''' Page may not contain recent 
updates.",
 'readonly'                      => 'Database locked',
 'enterlockreason'               => 'Enter a reason for the lock, including an 
estimate of when the lock will be released',
@@ -4847,6 +4850,7 @@
 This site is experiencing technical difficulties.',
 'dberr-again'       => 'Try waiting a few minutes and reloading.',
 'dberr-info'        => '(Cannot contact the database server: $1)',
+'dberr-info-hidden' => '(Cannot contact the database server)',
 'dberr-usegoogle'   => 'You can try searching via Google in the meantime.',
 'dberr-outofdate'   => 'Note that their indexes of our content may be out of 
date.',
 'dberr-cachederror' => 'This is a cached copy of the requested page, and may 
not be up to date.',
diff --git a/languages/messages/MessagesQqq.php 
b/languages/messages/MessagesQqq.php
index 4c61090..7bd1279 100644
--- a/languages/messages/MessagesQqq.php
+++ b/languages/messages/MessagesQqq.php
@@ -890,17 +890,20 @@
 'error' => '{{Identical|Error}}',
 'databaseerror' => 'Used as title of error message (one of the following 
messages):
 * {{msg-mw|Dberrortext}}
-* {{msg-mw|Dberrortextcl}}',
+* {{msg-mw|Dberrortextcl}}
+* {{msg-mw|Dberrortext-hidden}}',
 'dberrortext' => 'Parameters:
 * $1 - The last SQL command/query
 * $2 - SQL function name
 * $3 - Error number
 * $4 - Error description',
+'dberrortext-hidden' => 'Has no parameters; used instead of 
{{msg-mw|Dberrortext}} to hide details such as server IP addresses.',
 'dberrortextcl' => 'Parameters:
 * $1 - The last SQL command/query
 * $2 - SQL function name
 * $3 - Error number
 * $4 - Error description',
+'dberrortextcl-hidden' => 'Has no parameters; used instead of 
{{msg-mw|Dberrortextcl}} to hide details such as server IP addresses.',
 'laggedslavemode' => 'Used as warning when getting the timestamp of the latest 
version, if in LaggedSlaveMode.',
 'readonly' => 'Used as title of error message when database is locked.',
 'enterlockreason' => 'For developers when locking the database',
@@ -8493,6 +8496,7 @@
 'dberr-again' => 'This message does not allow any wiki nor html markup.',
 'dberr-info' => 'This message does not allow any wiki nor html markup.
 * $1 - database server name',
+'dberr-info-hidden' => 'This message does not allow any wiki nor html markup.',
 'dberr-usegoogle' => 'This message does not allow any wiki nor html markup.',
 'dberr-outofdate' => "{{doc-singularthey}}
 In this sentence, '''their''' indexes refers to '''Google's''' indexes. This 
message does not allow any wiki nor html markup.",
diff --git a/maintenance/language/messages.inc 
b/maintenance/language/messages.inc
index ebf8a02..2875953 100644
--- a/maintenance/language/messages.inc
+++ b/maintenance/language/messages.inc
@@ -367,7 +367,9 @@
                'error',
                'databaseerror',
                'dberrortext',
+               'dberrortext-hidden',
                'dberrortextcl',
+               'dberrortextcl-hidden',
                'laggedslavemode',
                'readonly',
                'enterlockreason',
@@ -3691,6 +3693,7 @@
                'dberr-problems',
                'dberr-again',
                'dberr-info',
+               'dberr-info-hidden',
                'dberr-usegoogle',
                'dberr-outofdate',
                'dberr-cachederror',

-- 
To view, visit https://gerrit.wikimedia.org/r/52029

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1756b296d5e8d1d22511a3c3b58b5bb0dd025fec
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: PleaseStand <[email protected]>
