[Phpmyadmin-devel] Paths disclosures and error_reporting()
Rabus
derrabus at gmx.de
Thu Jul 17 05:28:12 CEST 2003
Hi Marc & list,
Am Thu, 17 Jul 2003 06:33:21 -0400 hat Marc Delisle
<DelislMa at CollegeSherbrooke.qc.ca> geschrieben:
> - config.inc.php3:
>
> if (!isset($old_error_reporting)) {
> error_reporting(E_ALL);
> @ini_set('display_errors', '1');
> }
>
> How can this be executed? config is called by common, and common sets
> $old_error_reporting just before the call.
It can be executed if config.inc.php3 is called directly. I the config file
cannot be loaded, phpMyAdmin displays an error message with a direct link
to config.inc.php3. I added this mechanism some time ago to make it easier
for the user to find typos.
As long as the config file is OK, a direct call of config.inc.php3 would
result in a blank page.
This is why I don't think that this is a security hole.
Regards,
Alexander
More information about the Developers
mailing list