[wp-trac] [WordPress Trac] #46426: dangerous error displaying database name and DB password
WordPress Trac
noreply at wordpress.org
Wed Feb 5 06:44:41 UTC 2020
#46426: dangerous error displaying database name and DB password
-----------------------------+----------------------
Reporter: blue87moon | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Security | Version: 5.1
Severity: critical | Resolution: invalid
Keywords: has-screenshots | Focuses:
-----------------------------+----------------------
Changes (by dd32):
* status: new => closed
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
The error message shown here is 100% from PHP and not controllable by
WordPress, but probably being triggered by an out-of-date plugin at the
time.
It looks like it's a server with Error display enabled, XDebug enabled,
and the `xdebug.collect_params` option enabled - That makes for a great
Developer server, but not so much a production one.
Given the nature of the error, and requiring developer extensions enabled
specifically to do exactly what's happening here, I'm marking this as
`invalid`, there's nothing WordPress can do to protect against a
development environment settings.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46426#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list