"Fail hard" is too hard

[yurg]

Had to make changes in order to restore project from Fatal Error; Please, please, some more mercy next time via crm.alert /
CRM_Core_Session::setStatus instead of firing exceptions.

[civicrm-builder]

Can one of the admins verify this patch?

[colemanw]

The BAO is responsible for business logic (that's what the "B" stands for) and not presentation. So throwing an exception is more appropriate for the BAO than reaching into the user's session to set a status message (which would not be an appropriate action to take e.g. if the BAO was being called from the api). Generally what we want to do is catch the exception in the form layer and present a nice error message to the user.

[xurizaemon]

See CRM-18504 and PR #8301 also.

Comments here don't pass code style either - I understand that wasn't top priority when your site exploded 😄

[xurizaemon]

This patch is not OK - it appears to restore a SQL injection vulnerability addressed in 4.7.7. Please follow the issue linked above which I will be working on today.