View Issue Details

IDProjectCategoryView StatusLast Update
0016059mantisbtbugtrackerpublic2014-12-08 00:34
ReporterdregadAssigned Todregad 
Status closedResolutionfixed 
Product Version 
Target Version1.3.0-beta.1Fixed in Version1.3.0-beta.1 
Summary0016059: System should warn users when debug settings are enabled

Some config settings are intended for development or debugging purposes, and should normally not be used on production systems:

  • $g_show_detailed_errors != OFF
  • $g_display_errors[E_USER_ERROR] != 'halt'
  • $g_debug_email !== OFF

Setting these incorrectly may expose sensitive information (e.g. passwords), could lead to data integrity issues and may cause MantisBT to function incorrectly, so we should make sure that users are aware of it.

TagsNo tags attached.


related to 0010966 closeddregad No Errors shown at all if error_reporting=0 configured at server 
related to 0012632 closeddregad Signup with empty username and e-mail is possible when display_errors[E_USER_ERROR] = 'inline' 
related to 0016058 closedatrol 'Jump' to non-existing issue not displaying 'Issue not found'message. 




2013-06-14 14:44

developer   ~0037196

There have been several cases where such configuration led to problems, and users reporting issues here because of it (see related issues).

Related Changesets

MantisBT: master 71b8dc96

2013-06-14 20:48:06


Details Diff
Admin Checks should warn when debug settings are used

This implements the same logic as on the login page.

Fixes 0016059, 0012632
mod - admin/check/check_config_inc.php Diff File

Issue History

Date Modified Username Field Change
2013-06-14 14:42 dregad New Issue
2013-06-14 14:42 dregad Status new => assigned
2013-06-14 14:42 dregad Assigned To => dregad
2013-06-14 14:44 dregad Note Added: 0037196
2013-06-14 14:44 dregad Relationship added related to 0010966
2013-06-14 14:44 dregad Relationship added related to 0012632
2013-06-14 15:11 dregad Relationship added related to 0016058
2013-10-11 23:23 dregad Changeset attached => MantisBT master 71b8dc96
2013-10-11 23:23 dregad Status assigned => resolved
2013-10-11 23:23 dregad Resolution open => fixed
2013-10-11 23:23 dregad Fixed in Version => 1.3.0-beta.1
2014-12-08 00:34 vboctor Status resolved => closed