General developer forum

Programming Error Message

Picture of renu shekhawat
Programming Error Message

The error message may disclose sensitive information and this information can be used by an attacker to mount new attacks or to enlarge the attack surface. Source code, stack trace, etc. data may be disclosed. Most of these issues will be identified and reported separately by Netsparker.

Eg. ..../backup/backupfilesedit.php

It gives following error:

A required parameter (contextid) was missing

More information about this error

I want to customize this error message.


Average of ratings: -
Re: Programming Error Message
Core developersParticularly helpful MoodlersPlugin developers

I'm not quite sure what secret security information that error message reveals that any attacker couldn't find simply by looking at the code:

If you really must edit the error message (with the awareness that it will make no improvement at all to your site security and will make it harder to fix any problems that occur), then just use the language override feature (site admin > language > language customisation) to edit the 'missingparam' string in the errors.php.

Average of ratings: Useful (1)