Last modified: 2010-05-15 16:02:58 UTC
Created attachment 5817
Display the backtrace only if the wgShowExceptionDetails flag is enabled.

When there's an exception inside an exception handler (such as when the $name parameter to SkinTemplate::makeTalkUrlDetails() is passed as "User:"), the backtrace is printed to the screen in any case, whether $wgShowExceptionDetails is enabled or not. On production sites, this is a security vulnerability, because it shows all the paths to the files on the servers. Attached a patch that makes it print the backtrace only in the case that the wgShowExceptionDetails value is set.
The bug was found and fixed by David Tabachnikov and Romi Romano from Metacafe.
Done in r47305
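
The failure mode reported above, shown as an added PHP example; it is not MediaWiki's code and not the attached patch. It compares a fallback path that prints the backtrace unconditionally with one gated on the flag. All function names are hypothetical, `$showDetails` stands in for `$wgShowExceptionDetails`, and PHP 7 or later is assumed.

```php
<?php
// Added illustration for this report; not MediaWiki source. Requires PHP 7+.
// All function names are hypothetical; $showDetails stands in for
// $wgShowExceptionDetails.

/** Primary error renderer; here it always fails, to force the fallback path. */
function renderErrorPage(Throwable $e): string
{
    // Constructed failure: an exception raised inside the exception handler.
    throw new RuntimeException('error page rendering failed');
}

/** Behaviour described in the report: the fallback ignores the flag. */
function fallbackUnconditional(Throwable $inner, Throwable $outer): string
{
    return "Exception caught inside exception handler\n"
        . $inner->getTraceAsString() . "\n" . $outer->getTraceAsString();
}

/** Corrected fallback: the same flag gates every path that emits a trace. */
function fallbackGated(Throwable $inner, Throwable $outer, bool $showDetails): string
{
    // Full detail still goes to the server-side log for operators.
    error_log("nested exception: $inner\noriginal exception: $outer");
    $text = 'Exception caught inside exception handler';
    if ($showDetails) {
        $text .= "\n" . $inner->getTraceAsString() . "\n" . $outer->getTraceAsString();
    }
    return $text;
}

function handleException(Throwable $e, bool $showDetails, bool $gated): string
{
    try {
        return renderErrorPage($e);
    } catch (Throwable $inner) {
        return $gated
            ? fallbackGated($inner, $e, $showDetails)
            : fallbackUnconditional($inner, $e);
    }
}

$e = new InvalidArgumentException('constructed sample failure');
$leaky = handleException($e, false, false);
$safe  = handleException($e, false, true);
// Compare whether each fallback's output contains this file's path, flag off.
var_dump(strpos($leaky, __FILE__) !== false, strpos($safe, __FILE__) !== false);
```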