On Wednesday 18 of June 2003 22:14, Garvin Hicking wrote:
Regarding the directory disclosure issue: The author means that PHP will print out the 'missing variable in file /ddd/xxx/eee/bla.php' and thereby show the path. I guess we can only hide that part by pointing out not to let PHP print out errors on a webpage in production environments. On our side, we can only reduce the PHP error output, I guess?
We should avoid any PHP error message, and end with our error when something needed is not defined (e.g. db/table...)
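
The approach discussed in this thread, as an added example that is not part of either message and is not the project's own code: PHP's error display is turned off so notices carrying the script path go to the server log only, and the script stops with its own message when a needed value such as db or table is not defined. The function names `require_params` and `fail` and the sample input are hypothetical.

```php
<?php
// Added illustration; function names and sample input are hypothetical.

// Production settings: keep PHP's own messages (which include the script
// path) out of the response, but still record them in the server log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// Stop with an application-level message that carries no file path.
function fail(string $message): void
{
    if (!headers_sent()) {
        http_response_code(400);
        header('Content-Type: text/plain; charset=utf-8');
    }
    echo "Error: $message\n";
    exit(1);
}

// Return the named request values, or end with our own error when one
// of them is not defined, instead of letting PHP emit a notice later.
function require_params(array $request, array $names): array
{
    $values = [];
    foreach ($names as $name) {
        if (!isset($request[$name]) || !is_string($request[$name]) || $request[$name] === '') {
            // Full detail, including the path, goes to the log only.
            error_log("missing required parameter '$name' in " . __FILE__);
            fail("Required parameter '$name' is not defined.");
        }
        $values[$name] = $request[$name];
    }
    return $values;
}

// Constructed sample standing in for $_REQUEST: 'table' is absent,
// so the script ends with "Error: Required parameter 'table' is not defined."
$sample = ['db' => 'test'];
$params = require_params($sample, ['db', 'table']);
echo "Working on {$params['db']}.{$params['table']}\n";
```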