@anonymous-matomo-user opened this Issue on January 22nd 2010

By default PHP error messages and printDebug() output are displayed to all users accessing the admin or widgets. This can provide server information to malicious users. A new option should be added to config.ini.php to disable all error output to the browser. Additionally it would be useful to set this option separately for admin and non-admin users.

Currently the only way to disable printDebug() is by setting


Instead of adding a new config value, another option would be to default PIWIK_TRACKER_DEBUG to false and only set it to true if an admin is logged in.

By default PHP error output is enabled with the display_errors option. The default should be to suppress PHP error output and only enable it for admin users.

@robocoder commented on January 22nd 2010 Contributor

Since we're in development mode, I've deferred this request to post-1.0.

In the meantime, you can add that one-liner to a bootstrap.php file in your root piwik folder (which isn't overwritten by an update).

@mattab commented on March 21st 2010 Member

I can't think of an expected use case where Piwik would throw errors and this wouldn't be a bug. In all cases, errors should not be thrown but should be caught and properly handled. Closing as won't fix. If such error show up, please create a ticket and we will ensure that they are handled with a human readable error message, or don't make the Piwik UI or tracking fail.

@pattonwebz commented on April 29th 2014

Is there no way for me to mark these recent updates as spam?

@sgiehl commented on April 29th 2014 Member

I've removed that spam...

@pattonwebz commented on April 29th 2014

Replying to SteveG:

I've removed that spam...
Awesome :)

This Issue was closed on April 29th 2014
Powered by GitHub Issue Mirror