1
trabis
Xoops 2.3.x debugger - bug or feature?
  • 2008/10/7 21:35

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


I have noticed that debugging info is being displayed to everybody and not just to admins (as in 2.0.18).

We can find the reason at class/logger.php around line 167:
    /**
     * Output buffering callback inserting logger dump in page output
     */
    function render( $output ) {
        global $xoopsUser;
        if ( !$this->activated /* || !$xoopsUser || !$xoopsUser->isAdmin()*/ ) {
            return $output;
        }
        $this->renderingEnabled = $this->activated = false;

        $log = $this->dump( $this->usePopup ? 'popup' : '' );

        $pattern = '';
        $pos = strpos( $output, $pattern );
        if ( $pos !== false ) {
            return substr( $output, 0, $pos ) . $log . substr( $output, $pos + strlen( $pattern ) );
        } else {
            return $output . $log;
        }
    }


As you can see the check was commented out.
My question is:

Is this a bug or a feature?

IMHO, I like to be able to debug my site without having to close it.
Showing debug info to anonymous is a serious security risk ( and is not pretty).

Thanks.

2
ghia
Re: Xoops 2.3.x debugger - bug or feature?
  • 2008/10/7 23:18

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Quote:
Showing debug info to anonymous is a serious security risk ( and is not pretty).

There are circumstances, where you need to debug parts of the site unique for anonymous users. So, it makes sense to have the possibility. It is also the default behaviour in 2.2.x.

But you are right. It would be better that most times only administrators or logged-on users could see the debug output.
So, I plead for more options to control the debug output.
A selector block for user groups would be nice.

Also the selector for the output (error, sql, ...) is disturbing. I want the old function as an option available again. Only error messages. If there are none, there is also nothing shown.

Also the deprecation notices are something that should be selectable and by default off. It's only useful for developers, and normal users with troubles on their site shouldn't be bothered with it.

3
Marco
Re: Xoops 2.3.x debugger - bug or feature?
  • 2008/10/9 4:17

  • Marco

  • Home away from home

  • Posts: 1256

  • Since: 2004/3/15


Do synergy or die.

4
trabis
Re: Xoops 2.3.x debugger - bug or feature?
  • 2008/10/9 12:51

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


Quote:

Debug info should be visible to all users: administrators, members and anonymous. Disclosure of sensitive information should not be a concern in case debug mode is enabled since it is for debugging not for production.


Sometimes I need to debug on a live site. If I upgrade my site to 2.3 I will surely want to turn debug on so I can fix expected errors. Sometimes I need 100 users online and timers on to check performance, add cache to blocks, change modules preferences, etc.

Live sites have bugs; it is harder to find a site with no bugs.
I'm sure that bugs reported on the xoops.org forums do not come just from localhost.



5
Marco
Re: Xoops 2.3.x debugger - bug or feature?
  • 2008/10/11 15:57

  • Marco

  • Home away from home

  • Posts: 1256

  • Since: 2004/3/15


Some options have been added in 2.3.1!
Do synergy or die.
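
As an added example (not part of the thread and not XOOPS code), the following PHP shows the gate discussed above: the admin check from post 1 restored in a `render()`-shaped callback, plus the per-group opt-in requested in post 2. `DemoUser`, `DemoLogger`, `debugGroups`, `GROUP_ANONYMOUS` and the group ids are constructed stand-ins; only `isAdmin()` and the callback shape come from the posted code.

```php
<?php
// Added illustration, not XOOPS code: DemoUser, DemoLogger, GROUP_ANONYMOUS and
// the group ids are constructed stand-ins for the objects named in the post.
class DemoUser
{
    private $groups;
    private $admin;
    public function __construct(array $groups, $admin = false)
    {
        $this->groups = $groups;
        $this->admin  = $admin;
    }
    public function isAdmin()   { return $this->admin; }
    public function getGroups() { return $this->groups; }
}

class DemoLogger
{
    const GROUP_ANONYMOUS = 3;     // constructed id for "not logged in"
    public $activated   = true;
    public $debugGroups = array(); // extra groups allowed to see the dump

    // Fail closed: admins always, others only when their group is opted in.
    public function viewerMaySeeDebug($user)
    {
        if (!$user) {
            return in_array(self::GROUP_ANONYMOUS, $this->debugGroups, true);
        }
        return $user->isAdmin()
            || count(array_intersect($user->getGroups(), $this->debugGroups)) > 0;
    }

    // Same shape as the render() callback in the post, with the check restored.
    public function render($output, $user)
    {
        if (!$this->activated || !$this->viewerMaySeeDebug($user)) {
            return $output;
        }
        $this->activated = false;
        return $output . "\n[debug dump]";
    }
}

$viewers = array('anonymous' => null, 'member' => new DemoUser(array(2)), 'admin' => new DemoUser(array(1), true));
foreach (array(array(), array(2), array(2, 3)) as $groups) {
    foreach ($viewers as $name => $user) {
        $logger = new DemoLogger();
        $logger->debugGroups = $groups;
        $shown = $logger->render('<p>page</p>', $user) !== '<p>page</p>';
        printf("debugGroups=[%s] %-9s debug %s\n", implode(',', $groups), $name, $shown ? 'shown' : 'hidden');
    }
}
```

With an empty `debugGroups` only the admin sees the dump; anonymous visitors see it only when the anonymous group id is explicitly listed, which covers the "debug as anonymous" case from post 2 without making it the default.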
