Hi, Here are the weird things I found:
- common.lib.php3, line 5: error_reporting(E_ALL);
Looks like a temporary debugging line. Could it be a source of our path disclosure problems? Of course, there are some other error_reporting(E_ALL); in other scripts, too.
The one in tbl_properties_links looks suspicious to me.
I remember we discussed being able to see the error messages from user reports, but do we really need it?
- config.inc.php3:
if (!isset($old_error_reporting)) { error_reporting(E_ALL); @ini_set('display_errors', '1'); }
How can this be executed? config is called by common, and common sets $old_error_reporting just before the call.
Marc
Hi Marc & list,
On Thu, 17 Jul 2003 06:33:21 -0400, Marc Delisle DelislMa@CollegeSherbrooke.qc.ca wrote:
- config.inc.php3:
if (!isset($old_error_reporting)) { error_reporting(E_ALL); @ini_set('display_errors', '1'); }
How can this be executed? config is called by common, and common sets $old_error_reporting just before the call.
It can be executed if config.inc.php3 is called directly. If the config file cannot be loaded, phpMyAdmin displays an error message with a direct link to config.inc.php3. I added this mechanism some time ago to make it easier for the user to find typos.
As long as the config file is OK, a direct call of config.inc.php3 would result in a blank page. This is why I don't think that this is a security hole.
Regards,
Alexander
Marc Delisle wrote:
Hi, Here are the weird things I found:
- common.lib.php3, line 5:
error_reporting(E_ALL);
Looks like a temporary debugging line. Could it be a source of our path disclosure problems?
I am the one who added this line :) http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/phpmyadmin/phpMyAdmin/librari...
So now I am tempted to remove it!
Marc
Of course, there are some other error_reporting(E_ALL); in other scripts, too.
The one in tbl_properties_links looks suspicious to me.
I remember we discussed being able to see the error messages from user reports, but do we really need it?
Marc
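
The manual audit done in this thread, finding every place where a script turns on error_reporting(E_ALL) or display_errors and checking whether it is conditional, can be scripted. The following Python sketch is an added example, not part of the original messages or of phpMyAdmin; the sample file contents are constructed from the lines quoted above, and treating a same-line "if (" as a guard is an assumed heuristic.

```python
import re

# Calls that raise PHP error verbosity or send errors to the browser.
PATTERNS = {
    "error_reporting(E_ALL)": re.compile(
        r"error_reporting\s*\(\s*E_ALL\s*\)", re.I),
    "display_errors on": re.compile(
        r"ini_set\s*\(\s*['\"]display_errors['\"]\s*,"
        r"\s*['\"]?(1|on|true)['\"]?\s*\)", re.I),
}
# Heuristic: an "if (" earlier on the same line counts as a guard,
# as in the config.inc.php3 line quoted in the thread.
GUARD = re.compile(r"\bif\s*\(", re.I)

# Constructed sample contents, built from the lines quoted in the thread.
SAMPLE = {
    "common.lib.php3": "<?php\n// constructed\n// sample\n\n"
                       "error_reporting(E_ALL);\n",
    "config.inc.php3": "<?php\n"
                       "if (!isset($old_error_reporting)) { error_reporting(E_ALL);"
                       " @ini_set('display_errors', '1'); }\n",
}


def audit(sources):
    """Return (file, line, finding, guarded) for each match in {name: text}."""
    findings = []
    for name, text in sorted(sources.items()):
        for line_no, line in enumerate(text.splitlines(), 1):
            code = line.split("//", 1)[0]  # drop trailing // comments
            for label, rx in PATTERNS.items():
                m = rx.search(code)
                if m:
                    guarded = bool(GUARD.search(code[:m.start()]))
                    findings.append((name, line_no, label, guarded))
    return findings


if __name__ == "__main__":
    for name, line_no, label, guarded in audit(SAMPLE):
        state = "guarded by if" if guarded else "UNCONDITIONAL"
        print(f"{name}:{line_no}: {label} ({state})")
```

A guarded hit still needs the manual check Alexander describes: whether the condition can be made true by requesting the file directly.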