On 01.12.20 at 21:09, Stanislav Malyshev wrote:
we are running error_reporting E_ALL for 17 years now and don't
distinguish between notice / warning / error, it has to be fixed -
period
Surely you do. Your code continues to run after warning/notice but stops
after the error. It's impossible to ignore that. Unless you have an
error handler that does exit() after a notice (which I have a hard time
believing, honestly, but who knows), there is a very major distinction.
my server would trigger a mail every 15 minutes with all warnings and
notices to enforce fixing the issue
It's not about what "has to be fixed" - it's not about the contents of
your bug tracking database - it's about the code that ran one way and
suddenly now runs (or, rather, fails) in a fundamentally different way
it should fail and it should have done that for 20 years because it
points out missing input validation which is a much bigger problem than
a random exception seems to be
but yeah, you are the guy closing security bugs all the time with no
understanding what "fail early and fail safe" means in the context of
security
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php