|Topic:||Potential webroot disclosures warning|
|Versions affected:||all versions|
|Reported by:||Richard Brain of ProCheckUp Ltd. (www.procheckup.com)|
|Solution:||make sure display_errors is disabled in the PHP configuration; 1.8.6 and 1.9.2 contain a new warning for administrators|
Description: ProCheckUp discovered that several scripts display errors, which can disclose the web root path, if display_errors is enabled in the PHP configuration. This problem will be fully fixed in later Moodle versions because it requires modification of many files and a review of all code from upstream. In the meantime, please make sure your server is configured properly - see http://www.php.net/manual/en/errorfunc.configuration.php#ini.display-errors
We would like to thank them for informing us in a responsible manner and coordinating the disclosure of security advisories.
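
One way to audit the display_errors setting recommended above is to check the configuration files offline. This is an added example, not Moodle's own code or its administrator warning. The function names and sample inputs are constructed for illustration, and it assumes that a php_flag/php_value line in .htaccess overrides php.ini.

```python
import re

# Values PHP treats as "off". Anything else (On, 1, yes, stdout, stderr, or an
# unrecognised string) is reported as enabled so that it gets reviewed.
_FALSE = {"", "0", "off", "false", "no", "none", "null"}

# php.ini: "display_errors = Off ; comment"; commented-out lines do not match.
_INI = re.compile(r"^\s*display_errors\s*=\s*([^;]*)", re.I)
# .htaccess: "php_flag display_errors off" or "php_value display_errors 0".
_HTACCESS = re.compile(r"^\s*php_(?:flag|value)\s+display_errors\s+(\S+)", re.I)


def display_errors_setting(text, htaccess=False):
    """Return the last display_errors value set in text, or None if unset."""
    pattern = _HTACCESS if htaccess else _INI
    value = None
    for line in text.splitlines():
        match = pattern.match(line)
        if match:
            # Later directives win; drop surrounding whitespace and quotes.
            value = match.group(1).strip().strip("\"'")
    return value


def is_exposed(php_ini, htaccess=""):
    """True if PHP would print errors, and with them file paths, to visitors."""
    value = display_errors_setting(htaccess, htaccess=True)
    if value is None:
        value = display_errors_setting(php_ini)
    if value is None:
        return True  # PHP's built-in default for display_errors is "1"
    return value.lower() not in _FALSE


# Constructed sample inputs (not taken from any real server).
DEV_INI = "[PHP]\n; display_errors = Off\ndisplay_errors = On\n"
PROD_INI = "[PHP]\ndisplay_errors = Off ; production\nlog_errors = On\n"
OVERRIDE = "# local debugging\nphp_flag display_errors on\n"

if __name__ == "__main__":
    for name, ini, ht in [("dev", DEV_INI, ""), ("prod", PROD_INI, ""),
                          ("prod + .htaccess", PROD_INI, OVERRIDE)]:
        print(f"{name}: {'EXPOSED' if is_exposed(ini, ht) else 'ok'}")
```

A clean result only covers the files passed in; a script that calls ini_set() at run time can still turn error display back on.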