https://builds-artifacts.matomo.org shows PHP error messages / warnings #14067

hannob · 2019-02-03T07:54:47Z

By sending a cookie with a special char one can trigger a PHP warning:

curl --cookie 'PHPSESSID=äöü' https://builds-artifacts.matomo.org

The PHP warning will be shown within the HTML output:

<b>Warning</b>:  SessionHandler::write(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in <b>/home/piwik-builds-artifacts/ui-tests-viewer/vendor/symfony/http-foundation/Session/Storage/Proxy/SessionHandlerProxy.php</b> on line <b>77</b><br />

It is generally recommended to never enable displaying PHP errors in production systems. While this warning is harmless, other error types can contain sensitive information like passwords.

The text was updated successfully, but these errors were encountered:

tsteur · 2019-02-03T19:45:43Z

Cheers, we changed it there.

tsteur closed this as completed Feb 3, 2019

tsteur added the answered For when a question was asked and we referred to forum or answered it. label Feb 3, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

https://builds-artifacts.matomo.org shows PHP error messages / warnings #14067

https://builds-artifacts.matomo.org shows PHP error messages / warnings #14067

hannob commented Feb 3, 2019

tsteur commented Feb 3, 2019

https://builds-artifacts.matomo.org shows PHP error messages / warnings #14067

https://builds-artifacts.matomo.org shows PHP error messages / warnings #14067

Comments

hannob commented Feb 3, 2019

tsteur commented Feb 3, 2019