Am 02.12.20 um 09:18 schrieb Christian Schneider:
Am 01.12.2020 um 21:13 schrieb Reindl Harald (privat) <ha...@rhsoft.net>:
Am 01.12.20 um 21:09 schrieb Stanislav Malyshev:
we are running error_reporting E_ALL for 17 years now and don't
distinct between notice / warning / error, it has to be fixed -
period
Surely you do. Your code continues to run after warning/notice but stops
after the error. It's impossible to ignore that. Unless you have an
error handler that does exit() after a notice (which I have hard time
believing, honestly, but who knows), there is a very major distinction.
my server would trigger a mail every 15 minutes wioth all warnings and notices
to enforce fixing the issue
Out of curiosity: What is your fix?
https://en.wikipedia.org/wiki/Web_application_firewall and sanitize
userinput while i don't see much legit usecases where userinout from
outside makes it to is_file/is_dir without calling that a security issue
anyways
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php
