Closed q2apro closed 2 years ago
Error you see only if login to manager, if not you see just one word 'Error'
This code do that: https://github.com/evolution-cms/evolution/blob/3.x/core/src/ExceptionHandler.php#L413-L429
or if you turn on debug mode then will show for All )
by default show only for Managers
Thanks for your reply. But it really shows all errors. Even when not logged in to the manager. That is why I am reporting this problem.
I am running Evo CMS 2.0.4
How to disable it there? I cannot find it in the CMS configuration.
In Evo 2 there is the file core/src/ExceptionHandler.php
There you have: if ($this->shouldDisplay()) {
protected function shouldDisplay()
{
return isset($_SESSION['mgrValidated']) || $this->container['config']->get('app.debug');
}
I ran one PHP snippet with error ... and there was really only Error
showing up.
Maybe I had a session cookie in the browser or so that the error was displayed beforehand.
Case closed.
When there is an error in the code of a snippet, it throws an error report frontend.
Example:
This SHOWS all the server paths and more details.
And this is also shown to anonymous users.
How to hide these error reports?
Only the CMS user should see them, not others!
In my point of view, this is a security vulnerability of Evolution CMS.