I understand this has been asked a bunch of times and probably appropriately answered so I ask you give me some grace here. I want to log errors to the error log but NOT display them to the client and for some reason nothing I've tried is making any difference. I'm currently using error_reporting(E_ALL & ~E_DEPRECATED & ~E_STRICT); and my PHP.ini has the following for display_errors:
display_errors = Off
I thought maybe the framework I'm using or some code was overwriting that value (possibly via ini_set()) but if I ask PHP what the value is via:
$display_errors = ini_get('display_errors');
if ( filter_var( $display_errors, FILTER_VALIDATE_BOOLEAN) ){
echo "display_errors = true\n";
} else {
echo "display_errors = false\n";
}
I get false (Note: I put the code at the end of the view/template for the framework). If I grep or use VSCode to search the codebase for display_errors I don't see any references that override the default behavior. If it makes any difference the actual value of display_errors as reported by ini_get() is an empty string ''. In case it's not clear this is in the context of Apache2 (Apache/2.4.29) on Ubuntu. What am I missing? Is there a third flag around displaying errors? TIA
Edited:
Framework is CodeIgniter v2.2.6 as reported by system/core/CodeIgniter.php.
PHP 7.2.24-0ubuntu0.18.04.13.
Apache2 (Apache/2.4.29)
I believe I found the answer for whatever other poor soul is still stuck on CodeIgniter v2. In system/core/Common.php there is a _exception_handler() function that has the following:
if (($severity & error_reporting()) == $severity)
{
$_error->show_php_error($severity, $message, $filepath, $line);
}
The above appears to be what's causing errors to be shown to publicly and while could't find CI v2 code on Github I did see it was removed (or possibly just moved) in V3:
CodeIgniter V3 _exception_handler
Here is the complete (v2.2.6) function (unmodified in any way as far as I know):
// --------------------------------------------------------------------
/**
* Exception Handler
*
* This is the custom exception handler that is declaired at the top
* of Codeigniter.php. The main reason we use this is to permit
* PHP errors to be logged in our own log files since the user may
* not have access to server logs. Since this function
* effectively intercepts PHP errors, however, we also need
* to display errors based on the current error_reporting level.
* We do that with the use of a PHP error template.
*
* @access private
* @return void
*/
if ( ! function_exists('_exception_handler'))
{
function _exception_handler($severity, $message, $filepath, $line)
{
// We don't bother with "strict" notices since they tend to fill up
// the log file with excess information that isn't normally very helpful.
if ($severity == E_STRICT)
{
return;
}
$_error =& load_class('Exceptions', 'core');
// Should we display the error? We'll get the current error_reporting
// level and add its bits with the severity bits to find out.
if (($severity & error_reporting()) == $severity)
{
$_error->show_php_error($severity, $message, $filepath, $line);
}
// Should we log the error? No? We're done...
if (config_item('log_threshold') == 0)
{
return;
}
$_error->log_exception($severity, $message, $filepath, $line);
}
}