HN2new | past | comments | ask | show | jobs | submitlogin

That custom error handler was never set, because the code you see above never even executed. The reason was, like said many times already, a miss-typed opening PHP tag, which tells PHP where PHP code is. If that tag is missing or miss-typed the code is just returned to the browser like HTML.

The point is that no server configuration can save you from an error like this.



The point is that no server configuration can save you from an error like this.

Huh? Yes you can protect against errors like this; https://hackernews.hn/item?id=2343675


Well, off the top of my head, mod_security has rules that scan outgoing data for password or code leakage.

A deployment strategy that requires testing that pages show what you expect them to show would also likely catch it.


If the custom error handler was never set, the PHP notices wouldn't look like that.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: