General developer forum

Programming Error Message

 
renu shekhawat
 

The error message may disclose sensitive information and this information can be used by an attacker to mount new attacks or to enlarge the attack surface. Source code, stack trace, etc. data may be disclosed. Most of these issues will be identified and reported separately by Netsparker.

E.g. ..../backup/backupfilesedit.php

It gives the following error:

A required parameter (contextid) was missing

More information about this error

I want to customize this error message.

How?

 
Davo
Re: Programming Error Message

I'm not quite sure what secret security information that error message reveals that any attacker couldn't find simply by looking at the code: https://github.com/moodle/moodle/blob/master/backup/backupfilesedit.php#L31

If you really must edit the error message (with the awareness that it will make no improvement at all to your site security and will make it harder to fix any problems that occur), then just use the language override feature (site admin > language > language customisation) to edit the 'missingparam' string in the errors.php.


 