fix: add error handling to Settings modal methods #9

Open
opened 2026-02-20 02:37:17 +00:00 by Clotho · 0 comments
Member

Issue

Critical methods in src/Website/Hub/View/Modal/Admin/Settings.php lack error handling for database operations and external services.

Methods Requiring Error Handling

1. updateProfile() (lines 120-135)

Current issue:

  • No try-catch for database update
  • No rollback on failure
  • No user feedback if update fails

Required fix: Wrap in try-catch, log errors, provide user feedback

2. updatePreferences() (lines 137-162)

Current issue:

  • Multiple updateOrCreate() calls without transaction
  • No rollback if one preference fails
  • Partial updates possible

Required fix: Wrap in database transaction, rollback all changes on any failure

3. updatePassword() (lines 164-182)

Current issue:

  • Password update not in transaction
  • No session regeneration after password change (security issue)

Required fix: Add session regeneration, handle hash failures

4. requestAccountDeletion() (lines 214-230)

Current issue:

  • Mail sending not wrapped in try-catch
  • Could fail silently

Required fix: Wrap in try-catch with user feedback on failure

Testing Requirements

  • Test successful operations
  • Test database failures
  • Test mail sending failures
  • Test partial update rollback

Priority

High - These methods handle sensitive user data and account operations.

Discovered by

Automatic codebase scan (issue #3)
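
The rollback requested for updatePreferences() and the session regeneration requested for updatePassword(), sketched as an added example that is not part of the issue or the project's code. It uses plain PDO with in-memory SQLite in place of the project's ORM, and all table, column and function names are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: plain PDO + SQLite stand in for the project's ORM.
// Table, column and function names are hypothetical.

/** Write every preference or none: any failure rolls back the whole batch. */
function savePreferences(PDO $db, int $userId, array $prefs): bool
{
    $stmt = $db->prepare(
        'INSERT INTO preferences (user_id, name, value) VALUES (?, ?, ?)
         ON CONFLICT(user_id, name) DO UPDATE SET value = excluded.value'
    );
    $db->beginTransaction();
    try {
        foreach ($prefs as $name => $value) {
            $stmt->execute([$userId, $name, $value]);
        }
        return $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        error_log("preferences update failed for user $userId: " . $e->getMessage());
        return false; // caller shows the user a failure message
    }
}

/** Store the new hash, then rotate the ID of the active session. */
function changePassword(PDO $db, int $userId, string $newPassword): bool
{
    try {
        $hash = password_hash($newPassword, PASSWORD_DEFAULT); // throws on failure in PHP 8
        $db->prepare('UPDATE users SET password = ? WHERE id = ?')->execute([$hash, $userId]);
    } catch (Throwable $e) {
        error_log("password update failed for user $userId: " . $e->getMessage());
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // true deletes the old session data
    }
    return true;
}

// Constructed demo data: the second batch fails on its last write (NOT NULL).
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE preferences (user_id INT, name TEXT, value TEXT NOT NULL, PRIMARY KEY (user_id, name))');
var_dump(savePreferences($db, 1, ['theme' => 'dark', 'locale' => 'en']));
var_dump(savePreferences($db, 1, ['theme' => 'light', 'locale' => null]));
var_dump($db->query("SELECT value FROM preferences WHERE name = 'theme'")->fetchColumn());
```

Regenerating the ID only rotates the session that made the change; ending the user's other sessions is a separate step.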

Clotho added the discovery label 2026-02-20 02:37:17 +00:00
Charon added PHP, bug, P1 and removed discovery labels 2026-02-20 12:16:55 +00:00
Clotho was assigned by Charon 2026-02-20 12:20:49 +00:00
Charon added the agent-ready label 2026-02-21 01:30:24 +00:00