ID:               37532
 Updated by:       [EMAIL PROTECTED]
 Reported By:      spam01 at pornel dot net
-Status:           Open
+Status:           Bogus
 Bug Type:         Feature/Change Request
 Operating System: *
 PHP Version:      5.1.4
 New Comment:

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

No one forces you to publish an exception on your websites. Indeed it is
recommended that you have display_errors off.

Check the internals@ archives for why the exception members are final.


Previous Comments:
------------------------------------------------------------------------

[2006-05-19 22:59:43] spam01 at pornel dot net

Description:
------------
Exception::getTrace() is final. Because of that it's not possible to
override it in order to hide backtrace when it contains sensitive
data.

I'm developing a library and I'd like to throw exceptions from sensitive
context without messing with default handlers.

I realize that client's code is supposed to catch exceptions or disable
reporting, but I can't believe that everyone will RTFM and comply.

This issue also affects PDO. It would be nice if it could hide
passwords instead of just having this risk documented.


Reproduce code:
---------------
<?php
class StealthFoolproofException extends Exception
{
  // Attempted override; Exception::getTrace() is declared final.
  function getTrace() {return NULL;}
}

function test($secretpassword)
{
  throw new StealthFoolproofException();
}
test('don\'t reveal that');

Expected result:
----------------
PHP Error: Fatal error: Uncaught exception StealthFoolproofException
... Stack trace: none.


Actual result:
--------------
Cannot override final method Exception::getTrace().

If not overridden, reveals arguments.



------------------------------------------------------------------------
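
The maintainer's advice above (display_errors off) combined with an application-level handler that logs the trace without argument values, as an added example that is not part of the original report or of PHP itself. The names `redacted_trace` and `quiet_exception_handler` are hypothetical, and the call at the end is constructed to mirror the reproduce code.

```php
<?php
// Added example: keep uncaught-exception details out of the response.
ini_set('display_errors', '0');   // the recommendation given in the thread
ini_set('log_errors', '1');

/**
 * Render a trace as "#n file(line): Class->function()" with every argument
 * value dropped, so secrets passed as parameters never reach the log.
 */
function redacted_trace(array $trace)
{
    $lines = array();
    foreach ($trace as $i => $frame) {
        $where = isset($frame['file']) ? $frame['file'] . '(' . $frame['line'] . ')' : '[internal]';
        $call  = (isset($frame['class']) ? $frame['class'] . $frame['type'] : '') . $frame['function'];
        // 'args' may be absent depending on configuration, so test before counting.
        $argc  = isset($frame['args']) ? count($frame['args']) : 0;
        $lines[] = sprintf('#%d %s: %s(%s)', $i, $where, $call, $argc ? "$argc args redacted" : '');
    }
    return implode("\n", $lines);
}

// Top-level handler: full detail goes to the error log, the client sees a fixed string.
function quiet_exception_handler($e)
{
    error_log(sprintf("Uncaught %s: %s in %s:%d\n%s",
        get_class($e), $e->getMessage(), $e->getFile(), $e->getLine(),
        redacted_trace($e->getTrace())));
    if (!headers_sent()) {
        header('HTTP/1.1 500 Internal Server Error');
    }
    echo "Internal error.\n";
}
set_exception_handler('quiet_exception_handler');

// Constructed input mirroring the report's reproduce code.
function test($secretpassword)
{
    throw new Exception('connection failed');
}
test('don\'t reveal that');
```

The handler only covers the trace arguments; an exception message that embeds a secret is still written to the log as-is.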

