Index: includes/common.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/common.inc,v
retrieving revision 1.1201
diff -u -p -r1.1201 common.inc
--- includes/common.inc	5 Aug 2010 08:36:08 -0000	1.1201
+++ includes/common.inc	6 Aug 2010 01:03:07 -0000
@@ -6328,6 +6328,12 @@ function _drupal_flush_css_js() {
 function debug($data, $label = NULL, $print_r = FALSE) {
   // Print $data contents to string.
   $string = $print_r ? print_r($data, TRUE) : var_export($data, TRUE);
+
+  // Display non-scalar values with pre-formatting to increase readability.
+  if (!is_scalar($data)) {
+    $string = '<pre>' . $string . '</pre>';
+  }
+
   trigger_error(trim($label ? "$label: $string" : $string));
 }
 
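Review bot: The `<pre>` wrapper goes around the raw print_r()/var_export() output, so any `<` or `&` inside the dumped data reaches the error handler as markup instead of being shown literally. The errors.inc part of this patch treats the trigger_error() message as HTML (`filter_xss_admin($message)`), so the dump would be altered by that filter and could carry whatever tags it permits. Escaping first keeps the dump faithful: `$string = '<pre>' . check_plain($string) . '</pre>';`. The scalar branch and `$label` also reach the handler unescaped and may deserve the same treatment.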
Index: includes/errors.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/errors.inc,v
retrieving revision 1.8
diff -u -p -r1.8 errors.inc
--- includes/errors.inc	28 Jun 2010 20:27:34 -0000	1.8
+++ includes/errors.inc	6 Aug 2010 01:03:07 -0000
@@ -70,10 +70,16 @@ function _drupal_error_handler_real($err
     list($severity_msg, $severity_level) = $types[$error_level];
     $caller = _drupal_get_last_caller(debug_backtrace());
 
+    if (!function_exists('filter_xss')) {
+      require_once DRUPAL_ROOT . '/includes/common.inc';
+    }
+
     // We treat recoverable errors as fatal.
     _drupal_log_error(array(
       '%type' => isset($types[$error_level]) ? $severity_msg : 'Unknown error',
-      '%message' => $message,
+      // The standard PHP error handler considers that the error messages
+      // are HTML. We mimick this behavior here.
+      '!message' => filter_xss_admin($message),
       '%function' => $caller['function'],
       '%file' => $caller['file'],
       '%line' => $caller['line'],
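Review bot: The guard tests `function_exists('filter_xss')`, but the function called a few lines later is `filter_xss_admin()`; testing the name that is used, `if (!function_exists('filter_xss_admin')) {`, makes the dependency explicit. With the `!message` placeholder t() no longer escapes the text, and filter_xss_admin() is a permissive filter, so request-derived data that ends up in a PHP warning or a trigger_error() call can contribute markup to the error page and the log. That is presumably the intent, but the comment should say so, e.g. `// Callers of trigger_error() must escape untrusted data themselves.`. "mimick" in the new comment should read "mimic". The body of _drupal_error_handler_real() starts and ends outside this hunk.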
@@ -118,7 +124,9 @@ function _drupal_decode_exception($excep
 
   return array(
     '%type' => get_class($exception),
-    '%message' => $message,
+    // The standard PHP exception handler considers that the exception message
+    // is plain-text. We mimick this behavior here.
+    '!message' => check_plain($message),
     '%function' => $caller['function'],
     '%file' => $caller['file'],
     '%line' => $caller['line'],
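Review bot: Renaming the returned key from `%message` to `!message` changes the array contract of _drupal_decode_exception(), so any caller outside this patch that still formats the result with a `%message` placeholder would print the placeholder literally. Only common.inc and errors.inc are touched here, so other callers need checking. The function's docblock is outside this hunk; a line there such as `The !message value has already been passed through check_plain().` would keep callers from escaping it a second time. "mimick" in the new comment should read "mimic".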
@@ -165,7 +173,9 @@ function error_displayable($error = NULL
  * Log a PHP error or exception, display an error page in fatal cases.
  *
  * @param $error
- *   An array with the following keys: %type, %message, %function, %file, %line.
+ *   An array with the following keys: %type, !message, %function, %file, %line.
+ *   All the parameters are plain-text, exception message, which needs to be
+ *   a safe HTML string.
  * @param $fatal
  *   TRUE if the error is fatal.
  */
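Review bot: The new docblock sentence is missing a word and reads as if every key were plain text, which hides the one rule callers must get right. Suggested wording: `All the parameters are plain-text, except !message, which needs to be a safe HTML string.` It would also help to say that the value is output without further escaping, so the caller is responsible for sanitising it. The documented function's body lies outside this hunk.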
@@ -200,7 +210,7 @@ function _drupal_log_error($error, $fata
     $number++;
   }
 
-  watchdog('php', '%type: %message in %function (line %line of %file).', $error, $error['severity_level']);
+  watchdog('php', '%type: !message in %function (line %line of %file).', $error, $error['severity_level']);
 
   if ($fatal) {
     drupal_add_http_header('Status', '500 Service unavailable (with message)');
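Review bot: With `!message` the stored variable is substituted without escaping wherever this log entry is rendered later, so the safety of the log view now depends on every caller of _drupal_log_error() having sanitised the value. The same applies to the CLI, XMLHttpRequest and drupal_set_message() hunks below. A short comment above the watchdog() call, `// !message is already sanitized by the caller; do not pass raw text here.`, would record that assumption. The identical format string is repeated in all four places, so a single local such as `$format = '%type: !message in %function (line %line of %file).';` would keep the placeholders in sync. The body of _drupal_log_error() continues outside this hunk.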
@@ -209,7 +219,7 @@ function _drupal_log_error($error, $fata
   if (drupal_is_cli()) {
     if ($fatal) {
       // When called from CLI, simply output a plain text message.
-      print html_entity_decode(strip_tags(t('%type: %message in %function (line %line of %file).', $error))). "\n";
+      print html_entity_decode(strip_tags(t('%type: !message in %function (line %line of %file).', $error))). "\n";
       exit;
     }
   }
@@ -217,7 +227,7 @@ function _drupal_log_error($error, $fata
   if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
     if ($fatal) {
       // When called from JavaScript, simply output the error message.
-      print t('%type: %message in %function (line %line of %file).', $error);
+      print t('%type: !message in %function (line %line of %file).', $error);
       exit;
     }
   }
@@ -233,8 +243,9 @@ function _drupal_log_error($error, $fata
         $error['%type'] = 'Debug';
         $class = 'status';
       }
+//       $error['!message'] = '<pre>' . $error['!message'] . '</pre>';
 
-      drupal_set_message(t('%type: %message in %function (line %line of %file).', $error), $class);
+      drupal_set_message(t('%type: !message in %function (line %line of %file).', $error), $class);
     }
 
     if ($fatal) {
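Review bot: The added line `//       $error['!message'] = '<pre>' . $error['!message'] . '</pre>';` is commented-out code at column 0 and looks like a leftover from an earlier approach; it should be dropped before commit. The `<pre>` wrapping is already done in debug() in the common.inc hunk. If the line is kept as a reminder, replace it with a prose comment explaining why the wrapping is not done here. The surrounding block of _drupal_log_error() begins and ends outside this hunk.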
