[OWASP_PHPSEC] error.php inside Core library

rahul chaudhary rahul300chaudhary400 at gmail.com
Mon Jul 29 05:08:07 UTC 2013

Hello All,

I was reading error.php which is inside core library...I have a couple of

1) When function disable is called, it restores the error handler and the
shutdown function would be un-registered. However, the state of the
variable $isShutdownRegistered is not changed. It is still true.
So, shouldn't it be changed to false as well when "disable()" is called?

2) Function names _errorToException() and _shutDown() are using "_" to
start their names. Why is that? Is putting "_" before a function name
some standard to denote that they are critical functions or something?

In this code:
//only say fatal error, if the last error has been fatal!
if ($type==E_ERROR or $type==E_CORE_ERROR or $type==E_PARSE or
$type==E_COMPILE_ERROR or $type==E_USER_ERROR)
if (strpos($e['message'],"ErrorException")===false) //exceptions automatically have filename in their message
echof ("Fatal Error ?: ?
echo_br("Fatal Error {$e['type']}: {$e['message']}");

3) I spotted use of <strong></strong> tags. Shouldn't we remove them?

4) Inside the if condition, if class name "ErrorException" is found, then
that error has already been converted to error. The message should then
say "Fatal Exception" instead of "Fatal Error". If that is not the case,
then I don't understand why there are two different kinds of error
message depending on whether "classname" is found inside them or not.

5) Why is echo_br used? There are no new lines to be converted to <BR>.

Rahul Chaudhary
Ph - 412-519-9634
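
The flag handling raised in point 1, as an added sketch that is not part of the original message or of the OWASP PHPSEC code. It assumes the shutdown callback is installed with register_shutdown_function(), which PHP offers no call to undo, so a separate $enabled flag (hypothetical, like the class name ErrorHandlerSketch and the $registrations counter) records whether the handler is active while $isShutdownRegistered only prevents a second registration.

```php
<?php
// Added sketch, not the project's source. Only disable(), $isShutdownRegistered,
// _errorToException() and _shutDown() are names from the message; the rest is assumed.
final class ErrorHandlerSketch
{
    private static bool $enabled = false;              // assumed: "handler is active"
    private static bool $isShutdownRegistered = false; // "callback was registered"
    public static int $registrations = 0;              // demo counter only

    public static function enable(): void
    {
        if (self::$enabled) { return; }
        set_error_handler([self::class, '_errorToException']);
        // A registered shutdown function stays registered for the request, so
        // register at most once and gate its body on $enabled instead.
        if (!self::$isShutdownRegistered) {
            register_shutdown_function([self::class, '_shutDown']);
            self::$isShutdownRegistered = true;
            self::$registrations++;
        }
        self::$enabled = true;
    }

    public static function disable(): void
    {
        if (!self::$enabled) { return; }
        restore_error_handler();
        self::$enabled = false; // state now matches the restored handler
    }

    public static function _errorToException(int $no, string $msg, string $file, int $line)
    {
        throw new ErrorException($msg, 0, $no, $file, $line);
    }

    public static function _shutDown(): void
    {
        $e = error_get_last();
        $fatal = [E_ERROR, E_CORE_ERROR, E_PARSE, E_COMPILE_ERROR, E_USER_ERROR];
        if (!self::$enabled || $e === null || !in_array($e['type'], $fatal, true)) {
            return; // disabled, or the last error was not fatal
        }
        error_log("Fatal Error {$e['type']}: {$e['message']}"); // log, no HTML output
    }
}

// enable / disable / enable: the shutdown callback is still registered once.
ErrorHandlerSketch::enable();
ErrorHandlerSketch::disable();
ErrorHandlerSketch::enable();
var_dump(ErrorHandlerSketch::$registrations);
```

Resetting $isShutdownRegistered to false in disable() under this assumption would make the second enable() register the callback again, and a fatal error would then be reported twice.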