https://bugzilla.wikimedia.org/show_bug.cgi?id=17506

           Summary: Exceptions inside Exception ignore
                    $wgShowExceptionDetails
           Product: MediaWiki
           Version: 1.13.4
          Platform: All
               URL: http://wikicafe.metacafe.com
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: General/Unknown
        AssignedTo: [email protected]
        ReportedBy: [email protected]


Created an attachment (id=5817)
 --> (https://bugzilla.wikimedia.org/attachment.cgi?id=5817)
Display the backtrace only if the wgShowExceptionDetails flag is enabled.

When there's an exception inside an exception handler (such as when the $name
parameter to SkinTemplate::makeTalkUrlDetails() is passed as "User:"), the
backtrace is printed to the screen in any case, whether
$wgShowExceptionDetails is enabled or not.

On production sites this is a security vulnerability, because it shows all the
paths to the files on the servers.

Attached a patch that makes it print the backtrace only in the case that the
wgShowExceptionDetails value is set.
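
The pattern the report asks for, as an added example that is not part of the original report, the attached patch, or MediaWiki's code: the fallback path taken when the error reporter itself throws applies the same flag as the normal path, and full detail goes only to the server log. Apart from $wgShowExceptionDetails, every function name and message here is hypothetical.

```php
<?php
// Added illustration. Only $wgShowExceptionDetails comes from the report;
// renderFailure() and reportException() are hypothetical names.
$wgShowExceptionDetails = false; // typical production setting

/** Text that is safe to send to the visitor for one exception. */
function renderFailure(Throwable $e, bool $showDetails): string
{
    if (!$showDetails) {
        // No message and no trace: both can contain server file paths.
        return 'Internal error (' . get_class($e) . ')';
    }
    return get_class($e) . ': ' . $e->getMessage() . "\n" . $e->getTraceAsString();
}

/**
 * Run the normal error reporter; if it throws, fall back to a minimal
 * report that is gated by the same flag instead of dumping the trace.
 */
function reportException(Throwable $original, callable $reporter, bool $showDetails): string
{
    try {
        return $reporter($original);
    } catch (Throwable $nested) {
        // Full detail is kept for operators, in the server-side log only.
        error_log("nested exception while reporting:\n" . $nested . "\noriginal:\n" . $original);

        return "Exception caught inside exception handler\n"
            . renderFailure($nested, $showDetails) . "\n"
            . renderFailure($original, $showDetails);
    }
}

// Constructed failure: a reporter that throws while building the error page.
$failingReporter = function (Throwable $e): string {
    throw new RuntimeException('error page could not be rendered');
};

echo reportException(
    new LogicException('constructed original failure'),
    $failingReporter,
    $wgShowExceptionDetails
), "\n";
```

With the flag set to false the visitor sees only the exception class names; setting it to true adds messages and backtraces to the same output.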

