[
https://issues.apache.org/jira/browse/VCL-809?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14699784#comment-14699784
]
Josh Thompson commented on VCL-809:
-----------------------------------
Setting php's "display_errors" to off will prevent this from happening.
However, this issue does highlight some minor bugs to be fixed.
> Information disclosure when accessing page you don't have access to
> -------------------------------------------------------------------
>
> Key: VCL-809
> URL: https://issues.apache.org/jira/browse/VCL-809
> Project: VCL
> Issue Type: Bug
> Components: web gui (frontend)
> Affects Versions: 2.3.2
> Reporter: Karl Vollmer
> Priority: Minor
>
> visit index.php?mode=dashboard as someone who doesn't have access and you get
> Notice: Undefined index: home in /var/www/html/vcl/.ht-inc/utils.php on line
> 10195 Notice: Undefined index: home in /var/www/html/vcl/.ht-inc/utils.php on
> line 10195 Notice: Undefined index: home in
> /var/www/html/vcl/.ht-inc/utils.php on line 10195 Notice: Undefined index:
> home in /var/www/html/vcl/.ht-inc/utils.php on line 10195 Notice: Undefined
> index: home in /var/www/html/vcl/.ht-inc/utils.php on line 10195 Notice:
> Undefined index: home in /var/www/html/vcl/.ht-inc/utils.php on line 10195
> Notice: Undefined index: home in /var/www/html/vcl/.ht-inc/utils.php on line
> 10195
> which discloses the location of the files on your webserver,
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
