Make phpinfo on the admin status report configurable

Created on 5 May 2023, about 1 year ago
Updated 21 June 2023, 12 months ago

Problem/Motivation

This is a follow up to SA-CORE-2023-004

https://git.drupalcode.org/project/drupal/-/commit/b4aa82d4486465eac7a13...

This change removed sections of the phpinfo() page which can contain sensitive info.

Whilst Drupal core should have a safe default for this (which it now does) it would be useful for sites to be able to configure phpinfo(); it's often quite useful to see PHP superglobals for debugging, for example.

We should include an appropriate note of caution about this setting, and perhaps encourage people to consider making any changes temporary etc..

Steps to reproduce

Visit /admin/reports/status/php as user with appropriate permissions.

Proposed resolution

Make the options passed to phpinfo() configurable.

Release notes snippet

A new setting $settings['sa_core_2023_004_phpinfo_flags'] in default.settings.php has been added to configure the behaviour of admin/reports/status/php.

📌 Task
Status

Fixed

Version

10.1

Component
System 

Last updated 2 days ago

No maintainer
Created by

🇬🇧United Kingdom mcdruid 🇬🇧🇪🇺

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.69.0 2024