Commit | Line | Data |
---|---|---|
e3747bbc | 1 | # Exceptions |
659673d5 MS |
2 | |
3 | ## SPL Exceptions | |
4 | ||
5 | The [Standard PHP Library (SPL)](https://secure.php.net/manual/en/book.spl.php) provides some [exceptions](https://secure.php.net/manual/en/spl.exceptions.php) that should be used whenever possible. | |
6 | ||
7 | ||
8 | ## Custom Exceptions | |
9 | ||
9003992d | 10 | !!! warning "Do not use `wcf\system\exception\SystemException` anymore, use specific exception classes!" |
659673d5 MS |
11 | |
12 | The following table contains a list of custom exceptions that are commonly used. | |
be7792c4 | 13 | All of the exceptions are found in the `wcf\system\exception` namespace. |
659673d5 | 14 | |
be7792c4 | 15 | | Class name | (examples) when to use | |
659673d5 | 16 | |-----------|------------------------| |
be7792c4 MS |
17 | | `IllegalLinkException` | access to a page that belongs to a non-existing object, executing actions on specific non-existing objects (is shown as http 404 error to the user) | |
18 | | `ImplementationException` | a class does not implement an expected interface | | |
19 | | `InvalidObjectArgument` | <span class="label label-info">5.4+</span> API method support generic objects but specific implementation requires objects of specific (sub)class and different object is given | | |
20 | | `InvalidObjectTypeException` | object type is not of an expected object type definition | | |
21 | | `InvalidSecurityTokenException` | given security token does not match the security token of the active user's session | | |
22 | | `ParentClassException` | a class does not extend an expected (parent) class | | |
23 | | `PermissionDeniedException` | page access without permission, action execution without permission (is shown as http 403 error to the user) | | |
24 | | `UserInputException` | user input does not pass validation | | |
a7f75edd TD |
25 | |
26 | ## Sensitive Arguments in Stack Traces | |
27 | ||
28 | Sometimes sensitive values are passed as a function or method argument. | |
29 | If the callee throws an Exception, these values will be part of the Exception’s stack trace and logged, unless the Exception is caught and ignored. | |
30 | ||
31 | WoltLab Suite will automatically suppress the values of parameters named like they might contain sensitive values, namely arguments matching the regular expression `/(?:^(?:password|passphrase|secret)|(?:Password|Passphrase|Secret))/`. | |
32 | ||
33 | If you need to suppress additional arguments from appearing in the stack trace, you can add the `\wcf\SensitiveArgument` attribute to such parameters. | |
256c1d64 | 34 | Arguments are only supported as of PHP 8 and ignored as comments in lower PHP versions. |
a7f75edd TD |
35 | In PHP 7, such arguments will not be suppressed, but the code will continue to work. |
36 | Make sure to insert a linebreak between the attribute and the parameter name. | |
37 | ||
38 | Example: | |
39 | ||
40 | {jinja{ codebox( | |
41 | language="php", | |
42 | title="wcfsetup/install/files/lib/data/user/User.class.php", | |
43 | contents=""" | |
44 | <?php | |
45 | ||
46 | namespace wcf\data\user; | |
47 | ||
48 | // … | |
49 | ||
50 | final class User extends DatabaseObject implements IPopoverObject, IRouteController, IUserContent | |
51 | { | |
52 | // … | |
53 | ||
54 | public function checkPassword( | |
55 | #[\wcf\SensitiveArgument()] | |
56 | $password | |
57 | ) { | |
58 | // … | |
59 | } | |
60 | ||
61 | // … | |
62 | } | |
63 | """ | |
64 | ) }} |