Topic: | Potential webroot disclosures warning |
Severity: | Minor |
Versions affected: | all version |
Reported by: | Richard Brain of ProCheckUp Ltd. (www.procheckup.com) |
Issue no.: | MDL-15413 |
Solution: | make sure display_errors is disabled in PHP configuration; 1.8.6 and 1.9.2 contains new warning for administrators |
Description:
ProCheckup discovered that several scripts display errors if display_errors enabled in PHP configuration. This problem will be fully fixed in later Moodle versions because it requires modification of many files and review of all code from upstream, in the meantime please make sure you server is configured properly - see http://www.php.net/manual/en/errorfunc.configuration.php#ini.display-errorsWe would like to thank them for informing us in a responsible manner and coordinating the disclosure of security advisories.