Magento Commerce: Fixing “Exception printing is disabled by default for security reasons”

Whenever Magento 1.4.0.1 encounters an error condition you’re likely to see the message

There has been an error processing your request
Exception printing is disabled by default for security reasons
Error log record number: XXXXXXXXXXXXXXX

Unlike previous versions of Magento where it used to dump out the error report for the world to see, 1.4.0.1 now keeps the data private and accessible only for the administrators and instead we get “Exception printing is disabled by default for security reasons”.  This is because there’s information in the error reports which hackers may find useful, so it’s great to see Magento improving security.  This change in behaviour came in with 1.4.0.1 as is documented in the Release Notes:

Release Notes – Magento 1.4.0.1 stable (February 19, 2010)

Changes

• The error report exception printing is disabled by default for security reasons. To print the error report, copy the errors/local.xml.sample to errors/local.xml

Varien appear to have gone a bit too far down the security road and disabled notifications when an error occurs.  It would have been better to have notifications enabled and used the admin email address configured in the admin area.  Better yet, add these options to the System -> Configuration -> Admin area of the backoffice.  Perhaps this will come in future releases.

It is very important for store owners and administrators to be made aware of any issues within the store.  If you check for error report directory on a regular basis you’ll probably pick these up, if not, you have no idea customers are unable to use certain areas of your site.  This leads to lost customers, lost repeat visitors, and lost money.  The ideal scenario is to have the error report emailed to the administrator but not display the error contents to a customer.  To do that we need to follow the instruction in the Release Notes and edit the configuration file.

Step 1

Rename or copy the sample configuration file errors/local/xml/sample to errors/local.xml within your Magento installation directory

Step 2

Open “errors/local.xml” and you’ll see something like this:

<config>
    <skin>default</skin>
    <report>
        <!--
            "action" can be set to "print" to show exception on screen and "email"
            to send exception on specified email
        -->
        <action>print</action>
        <!--
            in "subject" you can set subject of email
        -->
        <subject>Store Debug Information</subject>
        <!--
            "email_address" admin email address
        -->
        <email_address></email_address>
        <!--
            "trash" is handle about trace info
            value "leave" is for store on disk
            value "delete" is for cleaning
        -->
        <trash>leave</trash>
    </report>
</config>

The comments are self explanatory, so if you want to have the error report emailed to “webmaster@yourdomain.com” and left on disk for future reference, here’s what you need to have in your local.xml file:

<config>
    <skin>default</skin>
    <report>
        <action>email</action>
        <subject>Magento Commerce Error Report. Store Debug Information</subject>
        <email_address>webmaster@yourdomain.com</email_address>
        <trash>leave</trash>
    </report>
</config>

If you choose to leave the error report on disk, you’ll find them in var/reports/{report_id}.  The report files themselves are JSON (Javascript Object Notation) files, which can be opened in any text editor.  You should try to search the Magento Forums or the web for key parts of the error to see if anyone has seen the problem before and posted the answer.  If you can’t find an answer start a new thread under the appropriate Magento Forum topic and include the contents of the report in your initial post.  It’s also a good idea to add as much detail as you can to a post to allow the community to help you.

The parameters set within the errors/local.xml determine the output generated by errors/default/report.phtml.  Ideally there should be a “Report Error” button or link to allow the customers to report the problem to the store owner/admin.  Currently this feature doesn’t exist so I’ll be adding the necessary code to the report.phtml and filing an RFE to get the changes put back in to the Magento Source.  Watch this space!  Without this feature the customer is left in no mans land.  They’ve hit a problem and have no way to know (a) what the problem was, or (b) to know if the problem will be fixed soon.  Looking at it from a customers perspective they are likely to leave your site and go elsewhere.

I hope this has been helpful to you.

Related posts:

1. Magento Tip #8: Debugging Magento: How to Enable PHP Error reporting
2. Magento Commerce Index Manager: How To Fix “Could not determine temp directory, please specify a cache_dir manually”
3. Magento Commerce 1.4: How To Fix ‘Unable to submit your request. Please, try again later’ on the Contact Us form
4. Magento Commerce: How To Fix “Order confirmation email not sent”
5. Screencast: How To Install Magento Commerce 1.4 using the “full release” bundle