Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
looking at the code of Joomla I see that in the first line of the index, it defines the base path of installation with the
dirname(__FILE__)
is this a font of possible risk for the site, I mean if a non controlled error message show the internal path of the Joomla directory, because of, for example a failed include, can it be used to perform some kind of attack to the site ? If yes, is it convenient to use this function ? Any idea is welcome.
Thanks
The use of that construction is fine and not a security risk by itself. The security risk you highlighted is showing error messages to end users on production sites. You shouldn’t do that! Turn off error reporting. You can change the appropriate setting in the php.ini, or if you don’t have access to php.ini, you can do it at the beginning of your code like this: