1) you could simply force an sql exception by changing an sql statement.Joe1234 wrote: ↑Fri Apr 18, 2025 1:48 pmHI, a few questions:nonnedelectari wrote: ↑Wed Jan 22, 2025 9:18 amOn exception catching:
We use this in system/framework.phpcatches the exceptions and returns a static maintenance page (maintenance.html) or a json encoded record with a non technical message in case an ajax request was made (takes care of those awkward json syntax error popups with html error messages).Code: Select all
function exit_nicely () { $headers = array_change_key_case(apache_request_headers(),CASE_LOWER); $json_req = ((array_key_exists("accept",$headers) && stristr($headers['accept'],'application/json')) ? true : false); $ajax_req = ((array_key_exists("x-requested-with",$headers) && $headers['x-requested-with'] == 'XMLHttpRequest') ? true : false); error_log('Framework: exiting nicely'); if ($json_req || $ajax_req) { error_log('Exception handler: Returning json error record to '.$_SERVER['REMOTE_ADDR'].' for '.$_SERVER['REQUEST_URI']); $json = array(); $json['error']['warning'] = 'Sorry, we seem to be experiencing some difficulties, please try again or contact us directly.'; $json['success'] = 'Sorry, we seem to be experiencing some difficulties, please try again or contact us directly.'; $json_serial = json_encode($json); error_log($json_serial); header('Content-Type: application/json'); echo $json_serial; } else { error_log('Exception Handler: Showing static maintenance page to '.$_SERVER['REMOTE_ADDR'].' for '.$_SERVER['REQUEST_URI']); ob_start(); include('maintenance.html'); $problem_page = ob_get_clean(); http_response_code(503); echo $problem_page; } die(); } set_exception_handler("handle_exception"); function handle_exception ($exception) { error_log($exception->getFile().' - line: '.$exception->getLine().' - Message: '.$exception->getMessage().' - '.$exception->getTraceAsString()); exit_nicely(); }
In the meantime it logs the necessary info in your php error log.
1/ How specifically can I test this, force the error, to make sure it is functioning correctly on my site as opposed waiting to see if I get the similar errors ever again?
2/ Should this code be inserted at a specific point in the file (just to make sure something doesn't need to be activated first)?
3/ What directory should 'maintenance.html' be placed in?
Thanks.
2) those are just functions so anywhere in framework.php will do
3) the code as is assumes your root, but you can alter that to includes/maintenance.html and put it in your includes directory.
PS. it has to be a static html page, so no php and no sql or you may trigger the error at hand in a loop.
In your php error log you would get something like this when an sql error occurs (I changed the field country_id to country_ids in the query which does not exist):
Code: Select all
[18-Apr-2025 14:41:29] /system/library/db/mysqli.php - line: 160 - Message: Error: Unknown column 'country_ids' in 'field list'<br />Error No: 1054<br />select country_ids from oc_country where iso_code_2 = 'SG' - #0 /system/library/db.php(143): DB\MySQLi->query('select country_...')
#1 /catalog/controller/startup/startup.php(2587): DB->query('select country_...')
#2 /storage/modification/system/engine/action.php(78): ControllerStartupStartup->index()
#3 /system/engine/router.php(34): Action->execute(Object(Registry))
#4 /system/engine/router.php(19): Router->execute(Object(Action))
#5 /system/framework.php(313): Router->dispatch(Object(Action), Object(Action))
#6 /system/startup.php(123): require_once('/...')
#7 /index.php(25): start('catalog')
#8 {main}
[18-Apr-2025 14:41:29] Framework: exiting nicely
[18-Apr-2025 14:41:29] Exception Handler: Showing static maintenance page to xxx.xxx.xxx.xxx for /
Still, while this will catch and handle exceptions which are thrown but not caught, you still need to close your sql injection hole as this does not do that for you.
