Re: Fw: PHPNuke 5.4 Path Disclosure Vulnerability?

On Wed, 20 Mar 2002, godminus wrote:

> The vendor was contacted on the 9th of March, 2002, and did not reply

> > The error would be something like:

> > Fatal error: Cannot redeclare theindex() in
> > /var/www_servers/w00/w308vs1701/docs/csleague.israel.net/index.php on line
> > 7

This is what a standard error or warning in PHP looks like, providing that
the error reporting is set to output errors on the pages (which is a good
thing to turn off in production sites for presentation reasons).

Path disclosures like this are likely to appear in very many PHP scripts
when errors are encountered (and are easy to produce in most programs by
messing with query strings).

Ideally, once a script is in production and displayed messages are no
longer needed for debugging, they should be disabled.

To avoid this, one of the following things can be done:

1) Set "display_errors" to off in php.ini or with
"php_flag display_errors off" in .htaccess or in an http conf file.

2) Use PHP's error handling functions to disable error reporting or alter
the handling (to email an admin for example, and display a less explicit
error).

Reference:
  PHP Manual: Configuration -
  http://www.php.net/manual/en/configuration.php

  PHP Manual: Error Handling -
  http://www.php.net/manual/en/ref.errorfunc.php

-- 
Dylan Reeve - dylan@wibble.net
It's just not cricket.
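
Added example, not part of the original post: option 2 above sketched for PHP 7 or later, logging full details through error_log() and showing visitors only a reference code. The helper names record_error() and show_generic_page() are hypothetical; fatal errors like the quoted "Cannot redeclare" one are not delivered to set_error_handler(), so a shutdown function covers them.

```php
<?php
// Added example (PHP 7+). record_error() and show_generic_page() are
// hypothetical helper names, not part of PHP or PHPNuke.
// Runtime form of option 1. It cannot hide errors raised while this file
// itself is compiled, so keep display_errors off in php.ini/.htaccess too.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// Full detail (message, path, line) goes to the configured error log only.
// error_log($msg, 1, $address) would email it to an admin instead.
function record_error(int $type, string $msg, string $file, int $line): string
{
    $ref = bin2hex(random_bytes(4)); // lets the admin match a report to a log line
    error_log("ref=$ref type=$type $msg in $file:$line");
    return $ref;
}

// What the visitor sees: no message text, no filesystem path.
function show_generic_page(string $ref): void
{
    if (!headers_sent()) {
        http_response_code(500);
        header('Content-Type: text/plain; charset=utf-8');
    }
    echo "An internal error occurred (reference $ref).\n";
}

// Warnings and notices: log and continue, suppressing PHP's own output.
set_error_handler(function (int $type, string $msg, string $file, int $line): bool {
    if (error_reporting() & $type) {
        record_error($type, $msg, $file, $line);
    }
    return true;
});

// Uncaught exceptions end the request with the generic page.
set_exception_handler(function (Throwable $t): void {
    $msg = get_class($t) . ': ' . $t->getMessage();
    show_generic_page(record_error(E_ERROR, $msg, $t->getFile(), $t->getLine()));
});

// Fatal errors never reach set_error_handler(); pick them up at shutdown.
register_shutdown_function(function (): void {
    $e = error_get_last();
    $fatal = E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR;
    if ($e !== null && ($e['type'] & $fatal)) {
        show_generic_page(record_error($e['type'], $e['message'], $e['file'], $e['line']));
    }
});
```

Include this file before any other application code so the handlers are registered ahead of later includes.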