[Phpmyadmin-devel] Paths disclosures and error_reporting()

Rabus derrabus at gmx.de
Thu Jul 17 05:28:12 CEST 2003

Hi Marc & list,

Am Thu, 17 Jul 2003 06:33:21 -0400 hat Marc Delisle 
<DelislMa at CollegeSherbrooke.qc.ca> geschrieben:

> - config.inc.php3:
> if (!isset($old_error_reporting)) {
> error_reporting(E_ALL);
> @ini_set('display_errors', '1');
> }
> How can this be executed? config is called by common, and common sets
> $old_error_reporting just before the call.

It can be executed if config.inc.php3 is called directly. I the config file 
cannot be loaded, phpMyAdmin displays an error message with a direct link 
to config.inc.php3. I added this mechanism some time ago to make it easier 
for the user to find typos.

As long as the config file is OK, a direct call of config.inc.php3 would 
result in a blank page.
This is why I don't think that this is a security hole.



More information about the Developers mailing list