Use class name as detail if exception message is not set #7
Conversation
| @@ -135,7 +135,9 @@ public static function fromException(Exception $exception, $title = '', $type = | |||
| $type = self::RFC2616; | |||
| } | |||
|
|
|||
| return new self($code, $exception->getMessage(), $title, $type, $additionalDetails); | |||
| $detail = empty($exception->getMessage()) ? get_class($exception) : $exception->getMessage(); | |||
There was a problem hiding this comment.
I like the idea but I've got some concerns.
First I would not leak the fully qualified namespace. How about only the exception name?
Yet, this brings us to a second case. Still I find it risky because for instance capturing a PDOException and returning the class name reveals it's SQL problem (query, timeout, locked table, etc).
There was a problem hiding this comment.
I've got to agree, the getMessage() approach may lead to the same situation.
@clovnrian let me think about it
|
Yes, you have right, only class name would be better. And about the security... In your example the class name will tell you only what is the problem, but message will give you the SQL which is much worse. |
|
@clovnrian get the class name only, instead of the namespaced version, and I'm merging this |
Exception message isn't mandatory and if isn't set the exception is thrown. In many cases the exception class name is self explained, so if message is not set use the class name instead.