[FEATURE] Introduce status report for ExceptionHandler
The DebugExceptionHandler will display full error messages and stack traces and should not be used in production. To mitigate the information disclosure, a new status report has been introduced: - if display errors is set to 1 (-> uses DebugExceptionHandler setting) and context is Production an Error is displayed - if display errors is set to 1 (-> uses DebugExceptionHandler setting) and context is Development a Warning is displayed - if the production exception handler setting is configured to use the DebugExceptionHandler an Error is displayed Resolves: #89978 Releases: master Change-Id: I0f4eb357cf2c0a8012ed2e12a8c9f63073d3a19c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62735 Tested-by:TYPO3com <noreply@typo3.com> Tested-by:
Tobi Kretschmann <tobi@tobishome.de> Tested-by:
Daniel Goerz <daniel.goerz@posteo.de> Reviewed-by:
Showing
- typo3/sysext/core/Documentation/Changelog/master/Feature-89978-IntroduceStatusReportForInsecureExceptionHandlerSettings.rst 27 additions, 0 deletions...roduceStatusReportForInsecureExceptionHandlerSettings.rst
- typo3/sysext/reports/Classes/Report/Status/SecurityStatus.php 21 additions, 0 deletions...3/sysext/reports/Classes/Report/Status/SecurityStatus.php
- typo3/sysext/reports/Resources/Private/Language/locallang_reports.xlf 9 additions, 0 deletions.../reports/Resources/Private/Language/locallang_reports.xlf
Please register or sign in to comment