How to stop Drupal from logging error messages to screen?

Submitted by Drupalace on Fri, 2010-05-21 18:19
Question

 

Here's a typical error message that can pop up, for authenticated and anonymous users alike, when Drupal chokes on something:

warning: array_map() [function.array-map]: Argument #2 should be an array in /home/your-directory/your-Drupal-installation/modules/system/system.module on line 1015.

The latter part of the path, modules/system/system.module, is generic to any Drupal setup. But the former part, /home/your-directory/your-Drupal-installation/, refers specifically to your own directory setup. That's obviously useful to the admin (should he for some reason not know the path), but is it wise to be revealing such directory info to strangers?

I can't say offhand what that extra info means to a malicious hacker. But following the general maxim of giving such malcreants no info they shouldn't have, is there a way to stop Drupal from revealing paths in its error messages?

Related URL: 

http://drupal.org/node/803946

Question answer: 

I thought there was a simple setting to handle this, but couldn't recall it. Over on the Drupal.org forums, helpful soul ambientdrup set me straight: the solution is as quick as heading to the Error Reporting settings at admin/settings/error-reporting, and setting errors to write to the log only, not both screen and log. The screen messages are helpful while you're developing a site, but once you launch, it's a good idea to turn them off.

And that's it. My thanks to ambientdrup!

Share/Save
eUKhost Ltd.'s picture

Nice Drupal Tips!

Submitted by eUKhost Ltd. (not verified) on Wed, 2011-12-21 17:08.

Thanks for great post, but I am looking for some Drupal Safety tips. Does your blog have any post related to Drupal security or safety so that I can make my drupal blog more stronger?

Unknown Drupaloid's picture

Quite helpful

Submitted by Unknown Drupaloid (not verified) on Mon, 2011-01-10 16:39.

Thanks a lot for posting the answer. Looking for more solutions like this.

Buying an Verisign EV just got simpler

PHP Code's picture

Thanks for perfect answer.

Submitted by PHP Code (not verified) on Fri, 2010-10-08 15:05.

Thanks for the perfect answer.

Moreoever you will find your answe right on http://www.phpkode.com/

Unknown Drupaloid's picture

Thanks for this info!

Submitted by Unknown Drupaloid (not verified) on Tue, 2010-06-22 01:46.

Thanks for this info!

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd><br><p>
  • You may quote other posts using [quote] tags.
  • Lines and paragraphs break automatically.
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options


Relevant Content

The Drupal Ace logo has dealt these content suggestions from the deck.

Learn Drupal, hands-on

Get the beginner-friendly ebook that teaches community site building via a live case study.

Drupal 6 Ultimate Community Site Guide

Read the review

It's a deal!

Dreamhost dealsDrupal Ace presides over his domain, proudly ensconced in his DreamHost eyrie. Won't you join me?

Promo code deal!

Just enter the code 49ER when you register for an account, and save $49 off the already-low price. No strings!

Read my hosting service review

Drupal mini tip

As noted in Forum Finds: Node deletion is forever, when you tell Drupal to delete a node it gives you one "Are you sure...?" chance to recapitulate, but that's it. Confirm the deletion, and that node is gone; there's no Trash Can or Undo to get it back.

To prevent mishaps, be careful in giving users permission to delete nodes. Also, make it a rule to unpublish, not delete, nodes when you want to take them off the site. The node will disappear from view just as if it had been deleted, but will remain in the database should you ever want to republish, reedit, or otherwise revisit it.

Powered by Drupal, an open source content management system