Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Won't Fix
-
3.0.x
-
None
Description
Don't know whether this is by design or not: the complete SQL error message including parts of the faulty SQL statement is given to all users even if DEBUG-mode is disabled. This might give an attacker some information about potential issues with faulty modifications.
Attachments
Issue Links
- is related to
-
PHPBB3-9079 Display backtrace on all E_USER_ERROR errors, not only SQL errors (when DEBUG_EXTRA is enabled)
- Closed
-
PHPBB3-10581 Malformed SQL is logged when user triggering it is shown the offending SQL
- Closed