Fixing some wrong file permissions, I noticed that while the error message in includes/stylizer.inc gives you the path:
drupal_set_message(t('Unable to create CTools styles cache directory @path. Check the permissions on your files directory.', array('@path' => $path)), 'error');
includes/css.inc does not:
drupal_set_message(t('Unable to create CTools CSS cache directory. Check the permissions on your files directory.'), 'error');
(and of course I was looking for this path).

So I propose to change the line in css.inc to:
drupal_set_message(t('Unable to create CTools cache directory @path. Check the permissions on your files directory.', array('@path' => $path)), 'error');

Even better change both lines:
css.inc: drupal_set_message(t('Unable to create CTools @type cache directory @path. Check the permissions on your files directory.', array('@type' => 'CSS', '@path' => $path)), 'error');
stylizer.inc: drupal_set_message(t('Unable to create CTools @type cache directory @path. Check the permissions on your files directory.', array('@type' => 'CSS', '@path' => $path)), 'error');

This way we have the same t() string.

What do you think?

CommentFileSizeAuthor
#1 ctools-path-in-error-messages-1844582-2.patch1.46 KBgngn

Comments

gngn’s picture

gngn commented
Status: Active » Needs review
StatusFileSize
new ctools-path-in-error-messages-1844582-2.patch1.46 KB

Hm, nobody answering... so I just attach a patch for the above and change the status to "needs review".

The patch is against 6.x-1.10, it also applies to the current ctools-6.x-1.x-dev (2013-05-17).

danepowell’s picture

danepowell commented
Issue summary: View changes

This error message currently gets displayed to anonymous users. Including the path could disclose sensitive information. It should be converted into an Exception / watchdog / status check or something else that can be hidden from anonymous users.