The SonarCloud fix recommends this:
According to PHP Logging Basics production, the error reporting should be set to “minimum error reporting level” which is correct, but the “recommended value” is incorrect:
SonarCloud just copied this recommended value.
But in PHP, the minimum error reporting level is 0, and not E_ALL.
// Turn off all error reporting
error_reporting(0);
0 = Turn off all error reporting
E_ALL = Report all PHP errors
-1 = Report all PHP errors
This means the options E_ALL and -1 are only for debug mode and NOT for production because they may output all server and internal error details.
See here: error-reporting
Would it be possible to fix this insecure recommendation in SonarLint?
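The following is an added example, not part of the original post or of Sonar's rule text: it runs the same constructed fault under the three `error_reporting` values listed above and reports whether the script's filesystem path ends up in the response. It assumes `display_errors` is enabled, and `render_with_level()` and the missing file name are hypothetical names used only for this demo.

```php
<?php
declare(strict_types=1);

// Assumption for this demo: errors are written into the response body.
ini_set('display_errors', '1');
ini_set('html_errors', '0');
ini_set('log_errors', '0');

/**
 * Run a constructed faulty request under the given error_reporting level
 * and return everything that would have been sent to the client.
 */
function render_with_level(int $level): string
{
    $previous = error_reporting($level);
    ob_start();
    try {
        // Constructed fault: the file does not exist, so fopen() raises E_WARNING.
        $handle = fopen(__DIR__ . '/constructed-missing-file.txt', 'r');
        echo "page body\n";
    } finally {
        $output = (string) ob_get_clean();
        error_reporting($previous);   // restore the caller's level
    }
    return $output;
}

// The three values discussed in the post.
$levels = ['0' => 0, 'E_ALL' => E_ALL, '-1' => -1];

foreach ($levels as $label => $level) {
    $output = render_with_level($level);
    // The warning text ends with "in <script path> on line <n>".
    $leaks = strpos($output, __FILE__) !== false ? 'yes' : 'no';
    printf("error_reporting(%s): script path in response: %s\n", $label, $leaks);
}
```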