Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Debugger::enable() calls die() instead of throwing error as preventio…
…n of Full Path Disclosure
- Loading branch information
Showing
1 changed file
with
3 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
f2b7022
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe 500 Internal Server Error header should be sent before die()?
f2b7022
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would you like to support PHP < 5.2.4? ;-)
f2b7022
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't get your comment. On both nginx and Apache 2.4 in combination with PHP FPM 5.4.7, it sends 200 OK instead of 500.
f2b7022
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Context: php/php-src@e1f08c8
It sends the header only if is set
display_errors = 0
and when triggering an error.die()
is not an error.f2b7022
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, my mistake.