Description

Your Yii web application is configured to run with debug mode enabled.

A Yii application runs in either debug or production mode, as determined by the value of the constant YII_DEBUG. With YII_DEBUG set to true, Yii incurs a performance penalty and can also reveal information that is valuable to an attacker. For instance, suppose an attacker finds a missing validation check in your application: when a form is spoofed to send an array value in a field, a PHP function receives incorrect parameters. In debug mode, Yii then prints the call stack, with the context of each call made in user code.

It's recommended to disable debug mode in production environments since it may have a significant and adverse performance effect and may expose sensitive information to end users.

Remediation

To disable debug mode, remove the following lines from the Yii entry script:

// remove the following line when in production mode
defined('YII_DEBUG') or define('YII_DEBUG',true);
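
A pre-deployment check for the remediation above, added here as an example (it is not part of the original advisory or of Yii): it scans entry script source for a define of YII_DEBUG that is not literally false and ignores commented-out copies of the line. The function names, the script name in the usage comment and the sample entry scripts are constructed for illustration.

```python
import re
import sys

# define('YII_DEBUG', <value>); in either quote style; <value> is captured.
DEFINE_RE = re.compile(
    r"""\bdefine\s*\(\s*(['"])YII_DEBUG\1\s*,\s*([^;]+?)\s*\)\s*;""", re.I)
# Strings are matched first so comment markers inside them are left alone.
TOKEN_RE = re.compile(
    r"""(?P<str>'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")"""
    r"""|(?P<com>/\*.*?\*/|//[^\n]*|\#[^\n]*)""", re.S)
FALSY = {"false", "0", "null", "''", '""'}  # PHP literals that keep debug off

# Constructed sample entry scripts (not taken from a real deployment).
ENTRY_DEBUG = """<?php
// remove the following line when in production mode
defined('YII_DEBUG') or define('YII_DEBUG',true);
"""
ENTRY_CLEAN = """<?php
// defined('YII_DEBUG') or define('YII_DEBUG',true);
/* define('YII_DEBUG', true); */
defined('YII_DEBUG') or define("YII_DEBUG", FALSE);
"""

def strip_comments(src):
    """Blank out PHP comments, keeping newlines so line numbers survive."""
    def repl(m):
        if m.group("str"):
            return m.group(0)
        return re.sub(r"[^\n]", " ", m.group(0))
    return TOKEN_RE.sub(repl, src)

def find_debug_enabled(src):
    """Return (line, value) for each YII_DEBUG define not literally false."""
    code = strip_comments(src)
    hits = []
    for m in DEFINE_RE.finditer(code):
        value = m.group(2).strip()
        if value.lower() not in FALSY:  # non-literal values are reported too
            hits.append((code.count("\n", 0, m.start()) + 1, value))
    return hits

if __name__ == "__main__":  # usage: python check_yii_debug.py index.php ...
    failed = False
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for line, value in find_debug_enabled(fh.read()):
                print(f"{path}:{line}: YII_DEBUG defined as {value}")
                failed = True
    sys.exit(1 if failed else 0)
```

Run against the entry scripts in a release build, the script exits non-zero when any of them still enables debug mode, so it can gate a deployment step.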
