add roundabout for security issue

OrifInformatique · Jan 15, 2024 · 7d2967e · 7d2967e
1 parent 304f57a
commit 7d2967e
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/app/Config/Boot/production.php b/app/Config/Boot/production.php
@@ -7,7 +7,13 @@
  | Don't show ANY in production environments. Instead, let the system catch
  | it and display a generic error message.
  */
-ini_set('display_errors', '0');
+# ini_set('display_errors', '0');
+ini_set('display_errors', 'Off'); # Workarounds for CodeIgniter4 vulnerable to
+# information disclosure when detailed error report is displayed in production
+# environment 
+# https://github.com/OrifInformatique/ci_packbase_v4/security/dependabot/2
+# When we update CodeIgniter to 4.4.3 or upper, change Off to 0
+
 error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT & ~E_USER_NOTICE & ~E_USER_DEPRECATED);
 
 /*