/install.php and /index.php should respect environment flag
zellfaze-zz opened this issue · 1 comments
Both index.php and install.php start with the following two lines:
error_reporting(E_ALL);
ini_set("display_errors", 1);
It appears that there is a system in place to turn these on based on an environment flag (/index.php lines 33-49). By inserting these two lines at the beginning of these files you create a situation identical to the environment flag being set to debug.
While this is convenient for development, it may pose security issues down the road, especially if such use becomes prolific.
Hi zellfaze,
The error reporting flag should not have been repeated in index.php. The code now uses a suitable error reporting setting dependent on its environment.
The install.php file is not part of bitwasp system as a whole. It's just a standalone file to set up the necessary config options. As such it does not currently read the ENVIRONMENT option, so error reporting is turned on to allow for error diagnosis during installation. The install.php file should be removed immediately after installation for safety, and I will implement a check for this after an admin user logs in.
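The two measures discussed in this thread, environment-driven error display and a post-login check for a leftover installer, sketched as an added example (not BitWasp's code or either participant's). The function names, the `APP_ENV` variable and the `development`/`production` values are assumptions made for illustration.

```php
<?php
// Added example, not BitWasp code. Names and environment values are assumed.

/**
 * Apply error settings for the given environment name.
 * Any unrecognised value gets the production behaviour (fail closed).
 */
function apply_error_policy(string $environment): string
{
    // Report everything in every environment; only the destination differs.
    error_reporting(E_ALL);

    if ($environment === 'development') {
        ini_set('display_errors', '1');
        return 'verbose';
    }

    // Production: keep errors out of the response body, send them to the log.
    ini_set('display_errors', '0');
    ini_set('log_errors', '1');
    return 'quiet';
}

/**
 * Return a warning for the admin if the installer is still on disk,
 * or null when it has been removed.
 */
function installer_warning(string $webRoot): ?string
{
    $installer = rtrim($webRoot, '/') . '/install.php';
    if (is_file($installer)) {
        return 'install.php is still present; remove it from the web root.';
    }
    return null;
}

// Read the flag once from the server environment (assumed variable name).
// An unset variable yields false, so the default is production.
$env = getenv('APP_ENV') ?: 'production';
apply_error_policy($env);

// Constructed usage: run this after a successful admin login.
$warning = installer_warning(__DIR__);
if ($warning !== null) {
    error_log($warning);
}
```

A standalone installer can include the same policy function instead of hard-coding `display_errors`, so a forgotten install.php does not also expose verbose errors.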