ID: 28349 Comment by: tri at tactile3d dot com Reported By: jonathan at nationaldirect dot net Status: Bogus Bug Type: Output Control Operating System: Win2k PHP Version: 4.3.6 New Comment:
Hmmm, kinda disagree about the "bogus" status. It may be behaving "as designed" but it's an unclear design. A tag that says display_errors Off should turn them off! The tag isn't called display_errors_if_on_or_(if_off)_when_cannot_write_to_some_other_output. At the very least, as jonathan suggested, there should be a comment in the php.ini that describes this behaviour. --tristan Previous Comments: ------------------------------------------------------------------------ [2004-06-08 09:48:11] [EMAIL PROTECTED] You just need to setup your server correctly, this has nothing to do with a "security" problem. Not a bug in PHP -> bogus. ------------------------------------------------------------------------ [2004-06-07 17:17:48] jonathan at nationaldirect dot net I still think we need to put a warning somewhere because this is a potential security risk. Maybe we could let the user choose what to do by putting a setting in the php.ini file. ------------------------------------------------------------------------ [2004-06-07 17:07:11] jonathan at nationaldirect dot net On a production machine we cannot display errors to the end user because of the privacy and security risks. I think if we put a comment in the php.ini file to warn windows users of this issue and also quietly discard the errors if the file cannot be written to then it would be more acceptable. ------------------------------------------------------------------------ [2004-06-07 17:03:55] [EMAIL PROTECTED] Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://www.php.net/manual/ and the instructions on how to report a bug at http://bugs.php.net/how-to-report.php When you specified a log file that can not be written to, it is better to display the error rather then hide it and lose the record that is had every occurred. ------------------------------------------------------------------------ [2004-06-07 17:01:59] jonathan at nationaldirect dot net I have figured it out. This is not a php bug but rather a Windows folder security settings issue. Something in IIS is setting default to deny write access to some users like "Web Anonymous Users" and "IUSR_computername" accounts. If the user "Web Anonymous Users" is denied write access to the folder then the output will be directed to the webpage. When I manually remove DENY WRITE ACCESS from the folder where the phperrors.log file is to be then all is ok. I still think this is a bug because it still allows erros to display even when display_errors = off. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/28349 -- Edit this bug report at http://bugs.php.net/?id=28349&edit=1
