Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+1 vote
529 views
in Q2A Core by

I was trying to implement IP logging for bots that try to register for my Q2A site (I use WP integration, so any attempted registration is a sign of a bot, I think), and I noticed that when Q2A throws a fatal error, it also displays a stack trace, showing the file paths of my Q2A install; I wonder if that is really wise since it may give an intruder useful information about my setup.  Is there a way to stop it from displaying a stack trace?

What I've done for now is have the Admin Plus plugin override qa_fatal_error():

    function qa_fatal_error( $message ) {
        $message .=  ' ('.$_SERVER['REMOTE_ADDR'].')';
        echo 'Question2Answer fatal error:<P><FONT COLOR="red">'.qa_html($message, true).'</FONT></P>';
        echo '<P><FONT COLOR="red">Your IP address has been logged.</FONT></P>';
        @error_log('PHP Question2Answer fatal error: '.$message);
 
    }

which also logs the IP address to the PHP logs.

1 Answer

+1 vote
by
selected by
 
Best answer
Q2A 1.6 (dev) shows only partial path names in this stack trace to solve the security issue.
...