The Standard PHP Library (SPL) provides some exceptions that should be used whenever possible.
Do not use
wcf\system\exception\SystemException anymore, use specific exception classes!
The following table contains a list of custom exceptions that are commonly used.
All of the exceptions are found in the
|Class name||(examples) when to use|
||access to a page that belongs to a non-existing object, executing actions on specific non-existing objects (is shown as http 404 error to the user)|
||a class does not implement an expected interface|
||5.4+ API method support generic objects but specific implementation requires objects of specific (sub)class and different object is given|
||object type is not of an expected object type definition|
||given security token does not match the security token of the active user's session|
||a class does not extend an expected (parent) class|
||page access without permission, action execution without permission (is shown as http 403 error to the user)|
||user input does not pass validation|
Sensitive Arguments in Stack Traces#
Sometimes sensitive values are passed as a function or method argument. If the callee throws an Exception, these values will be part of the Exception’s stack trace and logged, unless the Exception is caught and ignored.
WoltLab Suite will automatically suppress the values of parameters named like they might contain sensitive values, namely arguments matching the regular expression
If you need to suppress additional arguments from appearing in the stack trace, you can add the
\wcf\SensitiveArgument attribute to such parameters.
Arguments are only supported as of PHP 8 and ignored as comments in lower PHP versions.
In PHP 7, such arguments will not be suppressed, but the code will continue to work.
Make sure to insert a linebreak between the attribute and the parameter name.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19