[dokuwiki] Re: Fwd: DokuWiki - Full path disclosure

  • From: Andreas Gohr <andi@xxxxxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Sun, 24 Jun 2012 12:50:55 +0200

> Maybe we
> should also point in the installation documentation to
> http://www.php.net/manual/en/errorfunc.configuration.php#ini.display-errors
> which clearly states that display_errors should be disabled in
> production systems

Good idea. I think we have a page with recommended PHP settings?

> It would be a start and definitely eliminate the current problem,
> however I have the impression that this problem also concerns some
> plugins from looking at the output of a quick search in the plugins I
> have installed here so just having a list of the parameters used in
> core code doesn't solve the whole problem.

Aye, but 3rd party plugins are always a problem we can't solve.

> I don't know if it is really better, but we could introduce some
> wrapper around _POST, _REQUEST, _GET etc. which takes as arguments the
> name of the parameter, the method (get, post, any) and the expected
> type, i.e. string, array, string_array (for an array of strings) and
> mixed for cases when the check is done by the caller

Actually I was thinking exactly the same, but wasn't sure if we want
that. Now that you're suggesting it as well, I guess I'll go ahead and
add it... So you might want to wait a couple of minutes before starting
on the list.

Andi


-- 
splitbrain.org
-- 
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
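
A sketch of the request-parameter wrapper discussed in this message, added here as an example; it is not part of the original e-mail and not DokuWiki's code. The function name input_param and its $default argument are assumptions. A parameter of the wrong type falls back to the default instead of reaching string functions, where PHP would raise a warning that includes the script path when display_errors is on.

```php
<?php
// Hypothetical helper, not DokuWiki's API: typed access to request parameters.
// $method: 'get', 'post' or 'any'; $type: 'string', 'array', 'string_array', 'mixed'.
function input_param($name, $method = 'any', $type = 'string', $default = null)
{
    switch ($method) {
        case 'get':  $source = $_GET;     break;
        case 'post': $source = $_POST;    break;
        case 'any':  $source = $_REQUEST; break;
        default:
            throw new InvalidArgumentException("unknown method: $method");
    }
    if (!array_key_exists($name, $source)) {
        return $default;
    }
    $value = $source[$name];

    switch ($type) {
        case 'string':
            // name[]=x arrives as an array; stop it before string functions see it
            return is_string($value) ? $value : $default;
        case 'array':
            return is_array($value) ? $value : $default;
        case 'string_array':
            if (!is_array($value)) {
                return $default;
            }
            foreach ($value as $item) {
                if (!is_string($item)) {
                    return $default; // nested array inside the list
                }
            }
            return $value;
        case 'mixed':
            return $value; // the caller does its own check
        default:
            throw new InvalidArgumentException("unknown type: $type");
    }
}

// Constructed sample request: ?id=start&do[]=x&tags[]=a&tags[]=b
$_GET = $_REQUEST = array(
    'id'   => 'start',
    'do'   => array('x'),
    'tags' => array('a', 'b'),
);
var_dump(input_param('id', 'get', 'string', ''));     // well-formed string parameter
var_dump(input_param('do', 'get', 'string', 'show')); // array sent for a string: default is used
var_dump(input_param('tags', 'any', 'string_array', array()));
```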
