bit-wasp / bitwasp-historic Goto Github PK

I was hoping on a demo site...

Both index.php and install.php start with the following two lines:

 error_reporting(E_ALL);
 ini_set("display_errors", 1); 

It appears that there is a system in place to turn these on based on an environment flag (/index.php lines 33-49). By inserting these two lines at the beginning of these files you create a situation identical to the environment flag being set to debug.

While this is convenient for development, it may pose security issues down the road, especially if such use becomes prolific.

I get the following errors:

A PHP Error was encountered
Severity: Warning
Message: file_get_contents(./assets/images/captcha/.jpg): failed to open stream: No such file or directory
Filename: libraries/My_image.php
Line Number: 84

and

A PHP Error was encountered
Severity: Warning
Message: unlink(assets/images/captcha/.jpg): No such file or directory
Filename: libraries/My_captcha.php
Line Number: 80

Registration will not proceed.

/index.php and /install.php both include lines at the beginning similar to the following:

error_reporting(E_ALL);
ini_set("display_errors", 1); 

While these are good for debugging purposes, they may pose security issues later on. I propose that there should be a setting or flag designated somewhere that can be checked so that these two lines can be put into an if statement.

Doing so would help increase the overall security of the program as, if done correctly, you would not have to worry about accidentally leaving Error Reporting on when switching the application from debug to production mode.

A commendable effort. Wondering about license.txt, however: this is presumably for the CodeIgniter framework only, right? If so, perhaps that fact could be made more explicit so as to not scare anyone off; right now the file is situated such that it would seem to cover the project as a whole.

If you're agorist-minded, you may wish to have a look at http://unlicense.org/ for instructions on how to put the software into the public domain (for the benefit of copyright-believers), which would make this project all the more interesting.