patel22p / mytinytodo

Automatically exported from code.google.com/p/mytinytodo

Database password printed to output during Error #51

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
I'm getting fatal errors printed out to the screen which have the full database 
connection settings in. 

Something like the following:
Fatal error: Uncaught exception 'Exception' with message 'Lost connection to 
MySQL server at 'reading initial communication packet', system error: 111' in 
tinytodo/class.db.mysql.php:68 Stack trace: #0 tinytodo/init.php(26): 
Database_Mysql->connect('MY_HOST', 'MY_USER', 'MY_PASSWORD', 'MY_DATABASE) #1 
tinytodo/index.php(8): require_once('...') #2 {main} thrown in 
tinytodo/class.db.mysql.php on line 68

I'm not reporting that the connection is down - that's a problem with my 
provider - I'm reporting the fact that it prints these errors, as you can see 
above my database username and password are printed to the screen for anyone to 
read.

The culprit is line 13 in init.php:
ini_set('display_errors', 'On');

This warrants a major security hole and php.net recommends it's OFF in all 
production systems.

Original issue reported on code.google.com by matthew....@gmail.com on 17 Mar 2012 at 10:49

GoogleCodeExporter commented 8 years ago
This is technically a duplicate of 45 but I think it's important to tell people 
how to fix this.

(i.e., set 'display_errors' to 'Off')

Original comment by matthew....@gmail.com on 17 Mar 2012 at 11:01
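
An added example (not code from myTinyTodo or from this thread) of the fix discussed above: display_errors off with logging on, plus two ways to keep connection arguments out of stack traces. `DemoDb`, `safeConnect` and the credentials are hypothetical stand-ins; `zend.exception_ignore_args` needs PHP 7.4+ and `#[\SensitiveParameter]` needs PHP 8.2+.

```php
<?php
// Added example. DemoDb stands in for the project's Database_Mysql class;
// all credentials below are constructed placeholders.

// 1. Never render errors to the response; send them to the server log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// 2. PHP >= 7.4: do not record call arguments in exception stack traces.
ini_set('zend.exception_ignore_args', '1');

final class DemoDb
{
    public function connect(
        string $host,
        string $user,
        // PHP >= 8.2 masks this argument in traces; older versions treat the
        // attribute line as a comment, so it must stay on its own line.
        #[\SensitiveParameter]
        string $password,
        string $db
    ): void {
        // Simulates the connection failure from the report.
        throw new RuntimeException('Lost connection to MySQL server, system error: 111');
    }
}

function safeConnect(DemoDb $db, array $cfg): bool
{
    try {
        $db->connect($cfg['host'], $cfg['user'], $cfg['password'], $cfg['db']);
        return true;
    } catch (Throwable $e) {
        // Log message and location only; getTraceAsString() could carry arguments.
        error_log(sprintf('DB connect failed: %s (%s:%d)',
            $e->getMessage(), $e->getFile(), $e->getLine()));
        return false;
    }
}

$cfg = ['host' => 'db.example.invalid', 'user' => 'demo_user',
        'password' => 'demo_password', 'db' => 'demo_db'];

if (!safeConnect(new DemoDb(), $cfg)) {
    http_response_code(503);
    echo "The service is temporarily unavailable.\n"; // generic, no details
    exit(1);
}
```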

GoogleCodeExporter commented 8 years ago
[deleted comment]

GoogleCodeExporter commented 8 years ago
Hey Matthew, I will have a look at this issue and try to fix it asap. Have a 
look at my new project page for myTinyTodo: 
https://github.com/alex-LE/myTinyTodo

Original comment by eagled...@gmail.com on 6 Apr 2012 at 9:29

GoogleCodeExporter commented 8 years ago
Thanks Alex, I'll keep my eyes on the github repository. (And thanks for 
myTinyTodo!)

Original comment by matthew....@gmail.com on 12 Apr 2012 at 4:38

GoogleCodeExporter commented 8 years ago
Fix will be published in v1.5.

Original comment by maxpozd...@gmail.com on 29 Aug 2014 at 1:20