michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): change ErrorRendererFactory isDebugMode default to false
All checks were successful
Test Runner / test-basic (push) Successful in 7s
Details
Test Runner / test-php (push) Successful in 8s
Details
Deploy Application / deploy (push) Successful in 43s
Details

Browse Source 
Change the default value of $isDebugMode constructor parameter from
true to false, following the security-by-default principle. This ensures
that even if the factory is instantiated without explicit debug mode
configuration, it won't leak sensitive debugging information like
stack traces, file paths, and code context.
This commit is contained in:
Michael Schiemer
2025-11-25 04:09:41 +01:00
parent 77505edabf
commit 57eabe30a5
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Framework/ExceptionHandling/ErrorRendererFactory.php
View File

@@ -20,7 +20,7 @@ final readonly class ErrorRendererFactory
private ExecutionContext $executionContext, private ExecutionContext $executionContext,
private Engine $engine, private Engine $engine,
private ?ConsoleOutput $consoleOutput = null, private ?ConsoleOutput $consoleOutput = null,
private bool $isDebugMode = true private bool $isDebugMode = false
) {} ) {}
/** /**