Menu

#168 Error Handling - checkPhpBuild.php

version 0.8
open
Miha Petkovsek
security (1)
2
2015-12-08
2015-12-08
Anonymous
No

Hi Miha,

I sent an email through the comments field on the main website but figured I'd add my findings below.

Line 90 in checkphpbuild.php script returns sensative details when a FATAL mysqli error occurs.

if($_GET['page']!="install") {
$mysqli = @new mysqli(/$db*/['host'], /$db/['user'], /$db/['pass'], /*$db/['name']);

Removing the $db global variable from this line resolves the issue. Not sure why the Global $db variable exists, it appears to be throughout the code but haven't figured out its exact purpose.

Can you please confirm this is an issue and by design?

Regards,
Andy

Discussion

Anonymous
Anonymous

Add attachments
Cancel





Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.