7x/error display hardening alt2 by robinsowell · Pull Request #5246 · ExpressionEngine/ExpressionEngine · GitHub
Skip to content

7x/error display hardening alt2#5246

Open
robinsowell wants to merge 6 commits into
7.devfrom
7x/error-display-hardening-alt2
Open

7x/error display hardening alt2#5246
robinsowell wants to merge 6 commits into
7.devfrom
7x/error-display-hardening-alt2

Conversation

@robinsowell

@robinsowell robinsowell commented Apr 28, 2026

Copy link
Copy Markdown
Contributor

OK- this is frankly my preference for the error hardening.

#5244 Uses global buffering to catch server level errors we can't 100% get otherwise

#5245 ditches the buffering but can't catch all critical errors and just feels a little janky.

#5246 ditches buffering, does not try to catch all of those server errors. Does fix other EE related leaked output, but we'd note in the docs that if you want NO server errors to show, that must be done via server setting.

Compared to current 7.dev, this version is stricter for non-allowed users:

  • Native PHP warnings/notices rendered through EE are now suppressed unless detailed debug access is allowed.
  • Caught exceptions now show the generic public error unless detailed debug access is allowed.
  • DB error output now shows the generic public error unless detailed debug access is allowed.
  • Fatal engine shutdown handling only logs; it does not render anything new.
  • The one intentional visibility alignment is can_debug: this version treats debug == 1 plus can_debug as allowed for detailed errors, matching how EE already enables debugging in core. That may be broader than the old show_exception() template check, which considered Super Admin but not always can_debug. I’d consider that a consistency fix, not a public leak.

It does NOT do:

  • no global output buffer
  • no clearing all buffers at shutdown
  • no forced display_errors = 0 juggling in the front controllers
  • no attempt to replace PHP-engine fatal output in the browser

So the remaining browser exposure for critical engine fatals is exactly the server-config boundary: if PHP/server has display_errors on, PHP may show engine fatal output. This branch does not add to that; it just logs those fatals when EE reaches shutdown.

That fixes the debug = 0 case. Before this change, a logged-in Super Admin would still get detailed PHP/exception/DB error output even when debugging was configured off. That effectively made Super Admin status an implicit “show detailed errors” override.
and consistency for the db error.
@robinsowell robinsowell marked this pull request as ready for review May 6, 2026 20:49
blunket pushed a commit to blunket/ExpressionEngine that referenced this pull request Jun 4, 2026
Alternative to ExpressionEngine#5246

Non-debug + no session / member_id == 0: exits before rendering error_exception.php, so guests no longer see Exception Caught.
Debug override / config debug > 1: unchanged, still shows details.
Logged-in users: existing behavior preserved.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant