Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is an example of CWE-81: "Improper Neutralization of Script in an Error Message Web Page" [1].

For those of you working with WordPress, this is the code you need in wp-config.php to log errors but not show them in web pages:

    define('WP_DEBUG', true);
    define('WP_DEBUG_DISPLAY', false);
    define('WP_DEBUG_LOG', true);
[1] http://cwe.mitre.org/data/definitions/81.html


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: