[Bug] 500 Error prints raw SQL despite ENV=production/debug off #5653
Comments
|
Hello there! Thanks for opening your first issue on this repo! Just a heads-up: Here at Backpack we use GitHub Issues only for tracking bugs. Talk about new features is also acceptable. This helps a lot in keeping our focus on improving Backpack. If you issue is not a bug/feature, please help us out by closing the issue yourself and posting in the appropriate medium (see below). If you're not sure where it fits, it's ok, a community member will probably reply to help you with that. Backpack communication channels:
Please keep in mind Backpack offers no official / paid support. Whatever help you receive here, on Gitter, Slack or Stackoverflow is thanks to our awesome awesome community members, who give up some of their time to help their peers. If you want to join our community, just start pitching in. We take pride in being a welcoming bunch. Thank you! -- |
|
Hey @amenk thanks for the report. Can you point me out how to reproduce this ? I've tried to do as you described but I wasn't able to reproduce it. What I did ? Changed the SQL as you proposed to get the error. // in \Illuminate\Database\Schema\Grammars\MySqlGrammar::compileColumns
public function compileColumns($database, $table)
{
return sprintf(
'select column_name as `name`, data_type as `type_name`, column_type as `type`, '
.'collation_name as `collation`, is_nullable as `nullable`, '
.'column_default as `default`, column_comment as `comment`, '
.'generation_expression as `expression`, extra as `extra` '
.'from information_schema.columns where table_schema = %s and table_name = %s '
.'order by ordinal_position asc',
$this->quoteString($database),
- $this->quoteString($table),
+ 'lol'
);
}With With I would like to reproduce this before taking any action. But I won't mind adding in our error views a check for {!! $exception?->getMessage() && config('app.debug') ? e($exception->getMessage()) : trans('backpack::base.error_page.message_500') !!}Let me know, cheers. |
pxpm
added
Possible Bug
|
Thanks for looking into this so quickly. I change the query like this (prepending an x) .'xgeneration_expression as The "lol" might break the sprintf instead of causing an SQL error which seems to lead to another error. Also I am not sure what renders https://private-user-images.githubusercontent.com/7188159/364795406-a6fac359-ed25-46bb-93de-0cab5da35753.png - maybe some proxy might be involved in your setup and hides the error if the "xgeneration" does not reproduce it? |
|
Still unable to reproduce it. 😞
I am sure there is something different we both are doing. But if I break the query like you said, I get the exception shown in the picture. Any idea of what I could be doing differently ? Cheers |
|
Strange. Which versions are you using? |
Yes it's not with debug false, when ### PHP VERSION:
8.2.5
### PHP EXTENSIONS:
Core, bcmath, calendar, ctype, date, filter, hash, iconv, json, SPL, pcre, random, readline, Reflection, session, standard, mysqlnd, tokenizer, zlib, libxml, dom, PDO, openssl, SimpleXML, xml, xmlreader, xmlwriter, curl, ftp, fileinfo, gd, gmp, intl, mbstring, exif, mysqli, Phar, pdo_mysql, pdo_sqlite, sodium, sqlite3, zip, xsl, xdebug
### LARAVEL VERSION:
11.21.0.0
### BACKPACK PACKAGE VERSIONS:
backpack/activity-log: 2.0.5
backpack/backupmanager: v5.0.4
backpack/basset: 1.3.6
backpack/calendar-operation: 1.0.6
backpack/crud: 6.7.33
backpack/demo: dev-main
backpack/devtools: 3.1.6
backpack/editable-columns: 3.0.10
backpack/filemanager: 3.0.8
backpack/generators: v4.0.5
backpack/language-switcher: 2.0.0
backpack/logmanager: v5.0.2
backpack/medialibrary-uploaders: 1.2.0
backpack/menucrud: v4.0.1
backpack/newscrud: 5.1.0
backpack/pagemanager: 3.3.0
backpack/permissionmanager: 7.2.1
backpack/pro: 2.2.14
backpack/revise-operation: 2.0.0
backpack/settings: 3.1.1
backpack/theme-coreuiv2: 1.2.5
backpack/theme-coreuiv4: 1.1.2
backpack/theme-tabler: 1.2.12
backpack/translation-manager: 1.0.4I will try to reproduce on a new installation and get back to you 👍 |
|
Just tested on a new laravel + backpack + theme tabler (no addons). Same result, if I mess with the query as you said, I either get the stack trace with or I get the 500 server error page when debug is false. I never get the "Backpack" error page, unless I throw an Can you reproduce it in a clean install ? Cheers |
|
I did not yet find the time to setup a clean install... In the screenshot with debug on you can see that the exception message contains sensitive SQL info, somit should never be printed out if debug is false
I think that's the problem..what server are you using? And which browser? Something seems to hide the template output on the 500er? |
|
Like you said, it must be server dependent, and I wasn't able to reproduce the issue. In any case, ensuring Thanks for the suggestion, I've already merged the fix and will tag a new version later today 👍 |
|
thank you |
Bug report
What I did
Installed Laravel 11 and Backpack crud 6.7.25 on a host with MySQL5.6
With APP_DEBUG=false, APP_ENV=production
What I expected to happen
A clean error message, not revealing any technical details
What happened
![error message]https://github.com/user-attachments/assets/52b6449f-8316-434b-998b-e4dc986dd690)
What I've already tried to fix it
Could be fixed by removing the exception message in
vendor/backpack/crud/src/resources/views/ui/errors/500.blade.php:12
Repro if you don't want to install an old MySQL
You can also just break the SQL In
\Illuminate\Database\Schema\Grammars\MySqlGrammar::compileColumnsto force such an error to appear.
Is it a bug in the latest version of Backpack?
yes
CRUD/src/resources/views/ui/errors/500.blade.php
Line 12 in ae31f26
Backpack, Laravel, PHP, DB version
The text was updated successfully, but these errors were encountered: