I have a few comments about the way the current error handling / presentation is built, and would like to collect some ideas from you all on what expectations are of the current system, and ideas for how it can be improved.
As I understand it, here is the basic behaviour in the framework / cms module:
CMS:
- Page errors that occur through ContentController::httpError are formatted into code-customised responses through ErrorPage::response_for before being passed to RequestHandler::httpError. This gives us nice user-friendly errors using the current theme.
Framework:
- Errors that occur through RequestHandler::httpError allow extensions to intercept the extension, first by using onBeforeHTTPErrorXXX (where XXX is an error code), then by onBeforeHTTPError. A specific extension to a request handler could then throw their own SS_HTTPResponse_Exception, although the default behaviour is to simply generate a plain text error message. 'RequestHandler' itself is an unextendable class, so extensions need to be applied to each individual subclass (Form, FormField, etc...).
- Director catches any SS_HTTPResponse_Exceptions in handleRequest, extracts the exceptions response, and returns it as its own.
- Exceptions other than SS_HTTPREsponse_Exception and user_error calls are handled by exceptionHandler / errorHandler (Debug.php). This logs the error and will perform one of two actions:
- For dev / cli environments it will print a descriptive stacktrace of the error.
- For live environments it renders any pre-generated error-XXX.html file in assets (where XXX is an error code). There is a bit of class_exists('ErrorPage') tying the framework back into the CMS here.
Both
- As with the Director class, various RequestHandler instances that call handleRequest on nested handlers catch any thrown SS_HTTPResponse_Exception instances, simply turning the contained SS_HTTPResponse object as its own.
Having different ways of presenting the custom error page (whether by live DB records as in ContentController, or by static pre-generated files) is quite understandable, but I'm a bit concerned about errors from other RequestHandler instances simply outputting their error directly to the browser (live, dev, or whatever). Additionally, even if an error is handled by ContentController::httpError, SS_HTTPResponse_Exceptions completely bypass the error logging system in Debug, meaning any email (or other logging) notifications aren't sent.
Would it be ok to suggest a rethink of the request / response stack a little in order to develop a better error notification, as well as a better reporting system?
I also understand that there's a necessity to separate CMS module (which contains ErrorPage) from the core framework, but could error handling and presentation not be done in a bit more of an "injected" fashion so that the CMS can extend the built in error handling?
For error logging I can simply add a writer with SS_Log::add_writer. Could error handling (perhaps at the Director / Debug level) not also be controlled in a similar fashion? Users could then add their own injected behaviour (e.g. creating a 404 page logging system that behaves differently to normal errors).
Whatever the solution, a default framework / cms install should not be outputting plain text error messages in the live environment, IMHO at least.
As with everything in Silverstripe, I'm probably just lacking knowledge as to why the system was built the way it was, and why certain decisions were made the way they were, so please let me know what I'm missing, or if I've failed to understand anything correctly. :)
Thank you!
Damian