In #358437-29: Filter system security fixes from SA-2008-073 not applied to Drupal 7.x, a watchdog with WATCHDOG_ALERT severity was added to check_markup(). From what I can tell, this is the only error condition in core that uses this severity level. According to http://www.faqs.org/rfcs/rfc3164.html, this means "Alert: action must be taken immediately".
Why is this condition so severe? True, it means the site isn't showing content that the site owner may think the site should be showing, but aren't there dozens of other reasons for which that can also happen (e.g., a field type module being disabled)?
Comment | File | Size | Author |
---|---|---|---|
#4 | 1174656-4_missing_text_format_severity_level.patch | 644 bytes | fengtan |
Issue fork drupal-1174656
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
Comments
Comment #1
sunI'd like to see a formal specification + documentation in code for usage of severity levels. I think that Drupal should use more than info, notice, and error -- but lacking a specification, almost all code in Drupal uses these low levels. For example, PHP fatal errors should lead to an emergency log message, but right now, fatal errors have the same severity as any other error - that's just weird.
Comment #2
BerdirI think one major reason is security implications. For example, if the text format did execute PHP code, the PHP code would be shown to the visitor now. This could for example mean passwords or similar things are exposed.
Not idea if it really needs to be ALERT, but certainly something high :)
Comment #3
effulgentsia CreditAttribution: effulgentsia commentedI don't think there's security leak here. This is the code:
We return empty string, and watchdog the format id only.
Comment #4
fengtanIf it helps there is some documentation in system.api.php (which basically replicates RFC 3164):
Wikipedia adds this information for Alert-level messages:
In our case we receive messages about missing text formats for pages that look fine -- as @effulgentsia mentioned above check_markup() just falls back to returning an empty string. As a result there is no immediate action required, but because the messages are sent with the severity
WATCHDOG_ALERT
they pollute our monitoring tool with messages we do not want to see.How about lowering the severity from
WATCHDOG_ALERT
toWATCHDOG_ERROR
? That might be more appropriate.Attached is a proposed patch.