0016059: System should warn users when debug settings are enabled - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0016059	mantisbt	bugtracker	public	2013-06-14 14:42	2014-12-08 00:34

Reporter	dregad	Assigned To	dregad
Priority	normal	Severity	feature	Reproducibility	N/A
Status	closed	Resolution	fixed
Target Version	1.3.0-beta.1	Fixed in Version	1.3.0-beta.1

Summary	0016059: System should warn users when debug settings are enabled
Description	Some config settings are intended for development or debugging purposes, and should normally not be used on production systems: $g_show_detailed_errors != OFF $g_display_errors[E_USER_ERROR] != 'halt' $g_debug_email !== OFF Setting these incorrectly may expose sensitive information (e.g. passwords), could lead to data integrity issues and may cause MantisBT to function incorrectly, so we should make sure that users are aware of it.
Tags	No tags attached.

related to	0010966	closed	dregad	No Errors shown at all if error_reporting=0 configured at server
related to	0012632	closed	dregad	Signup with empty username and e-mail is possible when display_errors[E_USER_ERROR] = 'inline'
related to	0016058	closed	atrol	'Jump' to non-existing issue not displaying 'Issue not found'message.

MantisBT: master 71b8dc96 2013-06-14 16:48 dregad Details Diff	Admin Checks should warn when debug settings are used This implements the same logic as on the login page. Fixes 0016059, 0012632		Affected Issues 0012632, 0016059
	mod - admin/check/check_config_inc.php		Diff File

dregad 2013-06-14 14:44 developer ~0037196	There have been several cases where such configuration led to problems, and users reporting issues here because of it (see related issues).