Boot exception exposes db username and file system path

clarkwinkelmann

We have agreed to change the error message, that will be done for the next release.

However while it should be fixed, we still haven't found a setup to replicate the password leak. That would really help if we could replicate it so that we can test the fix on one of those setup as well.

sylv38 can you share the details about your hosting? Company, operating system version, MySQL version, PHP version?

tankerkiller125

clarkwinkelmann I can replicate it with an improperly configured php.ini config file setup for debugging instead of production. I'll have to see if I can find which specific config option causes it again.

sylv38

clarkwinkelmann the host is infomaniak (shared hosting) with php 7.4.14 and mysql 5.7.30. The problem seems to occur when it can't reach the database (I think I have this error when I put a wrong database address) or when the connection is refused.

sylv38

askvortsov Because it's critical, I edited the core file to patch the function with your proposition on the milestone ! Thank you !

« Previous Page