On Monday 08 May 2006 04:49, you wrote:
> You state these problems exist at php.net and elsewhere, so why is the
> subject titled phpbb? php.net even recommends that for production sites
> displaying of errors is discouraged. I'm unsure how your report brings
> anything new as you specify the valid use of debug and displaying of
> errors which are already well known.

"Full Path Disclosure" isn't a risk, but many PHP systems or important sites are vulnerable to this issue. Of course it is possible to turn off display_errors, but that doesn't change the fact that these issues should not exist. It is a typical "Full Path Disclosure".

Yesterday I received confirmation from phpBB about the acceptance of these bugs. PHP is a specific language and there are many different possibilities to show the full path. I will publish a note about these bugs.

-- 
pub 1024D/7FDF4CEE 2005-09-21
uid Maksymilian Arciemowicz (cXIb8O3) <max@xxxxxxxxxxxx>
sub 2048g/AE816DB6 2005-09-21
SecurityReason.Com [Europe]