CMSimple_XH 1.6.3 introduced a message to enable the debug mode in case a fatal PHP error occurs. Furthermore it introduced a mitigation against password manipulations by malicious extensions. Both features are implemented inside a single shutdown handler.
However, the shutdown handler is only called when the function error_get_last() is available (PHP >= 5.2.0). Furthermore Hartmut noted that the "enable the debug mode" is also shown, when the debug mode is already enabled, what is confusing.
I suggest the following fix:
Code: Select all
Index: cmsimple/cms.php
===================================================================
--- cmsimple/cms.php (revision 1397)
+++ cmsimple/cms.php (working copy)
@@ -310,9 +310,7 @@
/*
* Register shutdown handler.
*/
-if (function_exists('error_get_last')) {
- register_shutdown_function('XH_onShutdown');
-}
+register_shutdown_function('XH_onShutdown');
// removed from the core in XH 1.6, but left for compatibility with plugins.
$tx['meta']['codepage']='UTF-8';
Index: cmsimple/functions.php
===================================================================
--- cmsimple/functions.php (revision 1397)
+++ cmsimple/functions.php (working copy)
@@ -2774,9 +2774,11 @@
unset($_SESSION['xh_password'][CMSIMPLE_ROOT]);
}
- $lastError = error_get_last();
- if (in_array($lastError['type'], array(E_ERROR, E_PARSE))) {
- echo $tx['error']['fatal'];
+ if (error_reporting() <= 0 && function_exists('error_get_last')) {
+ $lastError = error_get_last();
+ if (in_array($lastError['type'], array(E_ERROR, E_PARSE))) {
+ echo $tx['error']['fatal'];
+ }
}
}