Author: davidt
Description:
Display the backtrace only if the wgShowExceptionDetails flag is enabled.
When there's an exception inside an exception handler, (such as when the $name parameter to SkinTemplate::makeTalkUrlDetails() is passed as "User:"), the backtrace is printed to the screen in any case, wherever $wgShowExceptionDetails is enabled or not.
On production sites - this a security vulnerability, because it shows all the paths to the files on the servers.
Attached a patch that makes it print the backtrace only in the case that the wgShowExceptionDetails value is set.
Version: 1.13.x
Severity: normal
URL: http://wikicafe.metacafe.com
Attached: