PHP error handling security

#1
I've noticed that the full path to a PHP file is shown when an error is displayed. This is not supposed to happen.

When I check the Exceptions class, the following is mentioned: "For safety reasons we don't show the full file path in non-CLI requests". But that only works for the variables available in the error templates.

Is it possible to show only the rendered error messages, and not the PHP-rendered error message added at the top? Disabling the error reporting is not the solution.
Reply

#2
Disabling error reporting isn't the solution, indeed.
Disabling error displaying is the solution.
Reply

#3
If you do not want to show errors on the production server, set CI_ENV to production.
See https://www.codeigniter.com/user_guide/g...ments.html
Do you want to write tests for your apps? Our book, CodeIgniter Testing Guide would help you.
Reply

#4
Hello there!
Very good article, but I am still unable to understand exceptions.
I got every bit of error handling, but I am getting to understand exceptions.
Please, if anybody can help me in understanding PHP exceptions. I searched through Google a lot for this, but none of the results are quite able to help me in completely understanding it.
Even if you have a useful resource, please share the link with me.
Any help in this matter will be appreciated a lot.
Accept my thanks in Advance..... http://www.besanttechnologies.com/traini...in-chennai | http://www.besanttechnologies.com/traini...g-training
Reply

#5
(12-20-2015, 03:41 AM)acemary Wrote: Hello there!
Very good article, but I am still unable to understand exceptions.
I got every bit of error handling, but I am getting to understand exceptions.
Please, if anybody can help me in understanding PHP exceptions. I searched through Google a lot for this, but none of the results are quite able to help me in completely understanding it.
Even if you have a useful resource, please share the link with me.
Any help in this matter will be appreciated a lot.
Accept my thanks in Advance.....   http://www.besanttechnologies.com/traini...in-chennai  |  http://www.besanttechnologies.com/traini...g-training

I found a solution for you.
This solution is not pre-defined by PHP.
I wrote some custom code in Exceptions.php, and I found this problem is gone; maybe this will help you.

1. First you need to open system/core/Exceptions.php
2. In there you will find a function called "show_php_error".
3. You need to put some lines of code at the top of the function.
Code: 
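// Strip the document root from the message so the full server path is not shown.
// strpos() returns 0 for a match at the start, so compare against FALSE explicitly.
if (strpos($message, 'called in') !== FALSE) {
    // Document root rewritten with backslashes (Windows-style paths).
    $server  = str_replace(array('/', '\\'), array('\\', '\\'), $_SERVER['DOCUMENT_ROOT']);
    // Remove both the original and the backslash form, so '/'-separated paths match too.
    $message = str_replace(array($_SERVER['DOCUMENT_ROOT'], $server), '', $message);
}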
Your problem will be solved.
Reply to me by email if your problem is solved.
[email protected]


Reply

#6
You should never edit and add code to a ./system/core file!

You take and extend that file, not edit it.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
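
What post #6 describes, written out as an added example (not code from any poster in this thread or from the CodeIgniter project): the path stripping from post #5 moved into `application/core/MY_Exceptions.php`, so `system/core` stays untouched. It assumes CodeIgniter 3, the default `subclass_prefix` of `MY_`, and the `show_php_error($severity, $message, $filepath, $line)` signature; `strip_server_paths()` is a hypothetical helper, and the `CI_Exceptions` stub and sample message exist only so the file runs on its own.

```php
<?php
// Added example: application/core/MY_Exceptions.php (assumes CodeIgniter 3 and
// the default subclass_prefix 'MY_'). Not CodeIgniter's own code.

// Stand-in so this file also runs outside CodeIgniter; inside the framework the
// real CI_Exceptions is already loaded and this stub is skipped.
if (!class_exists('CI_Exceptions')) {
    class CI_Exceptions {
        public function show_php_error($severity, $message, $filepath, $line) {
            echo "PHP error: {$message} in {$filepath} on line {$line}\n";
        }
    }
}

// Hypothetical helper: remove each root directory from $text, matching both
// '/' and '\' spellings of the path so Linux and Windows hosts are covered.
function strip_server_paths($text, array $roots) {
    foreach ($roots as $root) {
        $root = rtrim((string) $root, '/\\');
        if ($root === '') {
            continue; // nothing to strip when the root is unknown
        }
        $variants = array_unique(array(
            $root,
            str_replace('\\', '/', $root),
            str_replace('/', '\\', $root),
        ));
        $text = str_replace($variants, '', $text);
    }
    return $text;
}

class MY_Exceptions extends CI_Exceptions {
    public function show_php_error($severity, $message, $filepath, $line) {
        $roots = array(isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '');
        $message = strip_server_paths($message, $roots);
        parent::show_php_error($severity, $message, $filepath, $line);
    }
}

// Constructed sample input, used only when this file is executed directly (CLI).
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $_SERVER['DOCUMENT_ROOT'] = '/var/www/html';
    $msg = 'Argument 1 missing, called in /var/www/html/application/models/User.php on line 12';
    (new MY_Exceptions())->show_php_error(E_WARNING, $msg, 'models/User.php', 12);
}
```

This only filters messages that pass through CodeIgniter's handler; errors PHP prints itself before the framework handles them are controlled by `display_errors`, as posts #2 and #3 point out.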

#7
Errors vs. Exceptions
Many use error handling and exception handling interchangeably. When we say error handling we are referring to the process of catching errors produced by your program which need proper action. Since PHP came into a new object-oriented (OOP) way of dealing with errors, exception handling was introduced. It is used to change the usual way of handling code execution of a specific error condition when it occurs. In this way, exception handling provides a better technique over error handling.

How does exception handling in PHP work?

Just like any other object-oriented programming, PHP also uses the following keywords related to exceptions:

Try:  this means that if the exception does not trigger, the code will just execute normally but if the exception triggers then it will call “thrown” exception

Throw: every time an exception has been triggered, a “throw” exception must be paired with at least one “catch”

Catch:  this block of code should retrieve an exception and create an object including the exception information.

**SEO spam link redacted**
Reply

#8
Hi, it's a very good article. I got some good ideas from this. But some concepts I still didn't understand. Kindly update the brief article.

*SEO spam link redacted*
No SEO spam
Reply

