In #358437-29: Filter system security fixes from SA-2008-073 not applied to Drupal 7.x, a watchdog with WATCHDOG_ALERT severity was added to check_markup(). From what I can tell, this is the only error condition in core that uses this severity level. According to http://www.faqs.org/rfcs/rfc3164.html, this means "Alert: action must be taken immediately".

Why is this condition so severe? True, it means the site isn't showing content that the site owner may think the site should be showing, but aren't there dozens of other reasons for which that can also happen (e.g., a field type module being disabled)?


Comments

sun’s picture

I'd like to see a formal specification + documentation in code for usage of severity levels. I think that Drupal should use more than info, notice, and error -- but lacking a specification, almost all code in Drupal uses these low levels. For example, PHP fatal errors should lead to an emergency log message, but right now, fatal errors have the same severity as any other error - that's just weird.

Berdir’s picture

I think one major reason is security implications. For example, if the text format did execute PHP code, the PHP code would be shown to the visitor now. This could for example mean passwords or similar things are exposed.

No idea if it really needs to be ALERT, but certainly something high :)

effulgentsia’s picture

I don't think there's a security leak here. This is the code:

  if (!$format = filter_format_load($format_id)) {
    watchdog('filter', 'Missing text format: %format.', array('%format' => $format_id), WATCHDOG_ALERT);
    return '';
  }

We return empty string, and watchdog the format id only.

fengtan’s picture

Title: Document why text format not existing is the only error with WATCHDOG_ALERT severity » Lower watchdog severity of missing text formats
Issue summary: View changes
Status: Active » Needs review
FileSize
644 bytes

If it helps there is some documentation in system.api.php (which basically replicates RFC 3164):

 *     - WATCHDOG_EMERGENCY: Emergency, system is unusable.
 *     - WATCHDOG_ALERT: Alert, action must be taken immediately.
 *     - WATCHDOG_CRITICAL: Critical conditions.
 *     - WATCHDOG_ERROR: Error conditions.
 *     - WATCHDOG_WARNING: Warning conditions.
 *     - WATCHDOG_NOTICE: Normal but significant conditions.
 *     - WATCHDOG_INFO: Informational messages.
 *     - WATCHDOG_DEBUG: Debug-level messages.

Wikipedia adds this information for Alert-level messages:

A condition that should be corrected immediately, such as a corrupted system database.

In our case we receive messages about missing text formats for pages that look fine -- as @effulgentsia mentioned above check_markup() just falls back to returning an empty string. As a result there is no immediate action required, but because the messages are sent with the severity WATCHDOG_ALERT they pollute our monitoring tool with messages we do not want to see.

How about lowering the severity from WATCHDOG_ALERT to WATCHDOG_ERROR? That might be more appropriate.

Attached is a proposed patch.
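
The monitoring effect discussed in this thread, as an added example that is not part of the issue or of Drupal core: a stand-alone PHP sketch of a log consumer that remaps the missing-text-format message before paging, while still counting how often each format id is reported. The `WATCHDOG_*` values mirror Drupal 7's constants; `remap_severity()`, `should_page()`, `missing_format_counts()`, the override table, the paging threshold and the sample entries (including the `legacy_html` format id) are assumptions constructed for illustration.

```php
<?php
// Drupal 7's WATCHDOG_* values follow RFC 3164: lower number = more severe.
define('WATCHDOG_ALERT', 1);
define('WATCHDOG_ERROR', 3);
define('WATCHDOG_NOTICE', 5);

// Assumed site-local override: (type|message template) => severity to report.
$overrides = array('filter|Missing text format: %format.' => WATCHDOG_ERROR);

// Remap on the untranslated template, so the format id in 'variables'
// never decides which rule applies. The original severity is kept.
function remap_severity(array $entry, array $overrides) {
  $key = $entry['type'] . '|' . $entry['message'];
  if (isset($overrides[$key])) {
    $entry['original_severity'] = $entry['severity'];
    $entry['severity'] = $overrides[$key];
  }
  return $entry;
}

// Assumed paging rule: only ALERT and EMERGENCY page the on-call.
function should_page(array $entry) {
  return $entry['severity'] <= WATCHDOG_ALERT;
}

// Count missing-format events per format id so repeats stay visible.
function missing_format_counts(array $entries) {
  $counts = array();
  foreach ($entries as $e) {
    if ($e['type'] === 'filter' && isset($e['variables']['%format'])) {
      $id = (string) $e['variables']['%format'];
      $counts[$id] = isset($counts[$id]) ? $counts[$id] + 1 : 1;
    }
  }
  return $counts;
}

// Constructed entries, using a subset of the keys hook_watchdog() receives.
$msg = 'Missing text format: %format.';
$entries = array(
  array('type' => 'filter', 'message' => $msg, 'variables' => array('%format' => 'legacy_html'), 'severity' => WATCHDOG_ALERT),
  array('type' => 'filter', 'message' => $msg, 'variables' => array('%format' => 'legacy_html'), 'severity' => WATCHDOG_ALERT),
  array('type' => 'php', 'message' => 'Constructed notice.', 'variables' => array(), 'severity' => WATCHDOG_NOTICE),
);

foreach ($entries as $entry) {
  $out = remap_severity($entry, $overrides);
  printf("%-6s page before: %-3s after: %s\n", $entry['type'],
    should_page($entry) ? 'yes' : 'no', should_page($out) ? 'yes' : 'no');
}
print_r(missing_format_counts($entries));
```

Keeping `original_severity` on the remapped entry and reporting the per-format counts means the event is downgraded for paging only, not hidden from review.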