Closed emnbdx closed 7 months ago
Really severe! A lot of secret info exposed and payment system broken. I've downgraded to .26
Same issue here ! Had to downgrade to 0.26 too
You can just set debugmode to false instead of downgrade, as I said. But i understand downgrade when you are not satisfied by a version ;)
Same here. It sure can be fixed easily by setting debug mode to false, but I am not sure to understand why the debug mode is now enabled by default, seems like an error-prone behaviour to me.
@antoinep-origami when you examine the code, you'll notice that DebugMode is annotated with the comment [INTERNAL USAGE ONLY]. This leads me to believe that its inclusion was likely an oversight by a developer.
I create a PR to fix this ! https://github.com/Mangopay/mangopay2-php-sdk/pull/637
same issue here wtf, discovered on live user accounts !
same, please merge the fix!
Really weird, and without any information about this change 👎🏼 This can cause huge security problems.
Since commit fe49ef57d3f0c948a2a5bbd53db1aab367c89b45 DebugMode is now true by default.
This could be problematic because it allows anyone to access the API client and secret if deployed in a production environment.
Here is a sample of what i get display directly on browser on my test environment
@mihaimoiseanu this one is for you I think you forget to remove it after testing
For everybody looking for a workaround you have to set DebugMode manually to false