On Wednesday 18 of June 2003 22:14, Garvin Hicking wrote:
Regarding the directory disclosure issue: The author means that PHP will
print out the 'missing variable in file /ddd/xxx/eee/bla.php' and thereby
show the path. I guess we can only hide that part by pointing out not to
let PHP print out errors on a webpage in production environments. On
our side, we can only reduce the PHP error output, I guess?

We should avoid any PHP error message, and end with our own error when
something needed is not defined (e.g. db/table...)
--
Regards
Michal Cihar
nijel at users dot sourceforge dot net
http://cihar.liten.cz
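
The approach discussed in this message, as an added example that is not part of the original mail or of the project's code: PHP's own error output is kept off the page and logged server-side, and the script stops with its own generic message when a required value is undefined. The names fail_closed(), missing_settings() and the $cfg keys are hypothetical, and the sample configuration is constructed.

```php
<?php
// Added illustration; fail_closed(), missing_settings() and the $cfg keys are hypothetical.

// Production settings: report everything to the log, show nothing in the page.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');

/**
 * Stop the request with a generic message; the detail goes to the server log only.
 */
function fail_closed(string $detail): void
{
    error_log('config error: ' . $detail);   // paths and names stay server-side
    if (!headers_sent()) {
        http_response_code(500);
        header('Content-Type: text/plain; charset=utf-8');
    }
    echo "Configuration error. Please contact the administrator.\n";
    exit(1);
}

/**
 * Return the names of required settings that are missing or empty.
 */
function missing_settings(array $cfg, array $required): array
{
    $missing = [];
    foreach ($required as $key) {
        if (!isset($cfg[$key]) || $cfg[$key] === '') {
            $missing[] = $key;
        }
    }
    return $missing;
}

// Constructed sample configuration: 'table' is deliberately absent.
$cfg = ['db' => 'example_db'];

$missing = missing_settings($cfg, ['db', 'table']);
if ($missing !== []) {
    fail_closed('undefined setting(s): ' . implode(', ', $missing));
}

// Only reached when every required value is defined, so PHP has no
// undefined variable or index to complain about here.
echo "Using {$cfg['db']}.{$cfg['table']}\n";
```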