git.heureux-cyclage.org - lhc/web/wiklou.git/commit

author	Kevin Israel <pleasestand@live.com>
	Sun, 3 Mar 2013 14:27:47 +0000 (09:27 -0500)
committer	Kevin Israel <pleasestand@live.com>
	Tue, 3 Sep 2013 20:55:52 +0000 (16:55 -0400)
commit	4ca98057ca42a1bd632aa5c879563d9a619d8427
tree	05ac1d2ae433a99789c399b8f1b2531186852d1f	tree \| snapshot
parent	384c13add4532362f9278275c8dacfc71c92ea28	commit \| diff

Hide server IP addresses from DB error pages

Error details are now omitted if both $wgShowHostnames and
$wgShowSQLErrors are false. WMF wikis have the former set to true;
users of those wikis can still include the details in bug reports.

Fixing this for DBConnectionError was more or less straightforward.
However, in the case of DBQueryError, this involved splitting the
error message into multiple smaller messages (killing a raw HTML
message in the process).

Note that this is an incomplete fix: information disclosure is,
for now, still possible from DBUnexpectedError exceptions (are
these even supposed to go into the exception log?) or exceptions
that occur from within the exception handler. Yet this is still
an improvement.

Bug: 26811
Change-Id: I1756b296d5e8d1d22511a3c3b58b5bb0dd025fec

RELEASE-NOTES-1.22		diff \| blob \| history
includes/db/DatabaseError.php		diff \| blob \| history
languages/messages/MessagesEn.php		diff \| blob \| history
languages/messages/MessagesQqq.php		diff \| blob \| history
maintenance/language/messages.inc		diff \| blob \| history