From c943e7a397f03e1f60b096c7e6eb94fdefd8a569 Mon Sep 17 00:00:00 2001
From: fman <francisco.mancardi@gmail.com>
Date: Wed, 8 Oct 2014 00:12:29 +0200
Subject: [PATCH] Trying to solve path disclosure weakness (CWE-200)

---
 lib/functions/database.class.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/lib/functions/database.class.php b/lib/functions/database.class.php
index 9407815..97c8469 100644
--- a/lib/functions/database.class.php
+++ b/lib/functions/database.class.php
@@ -203,16 +203,20 @@ class database
            "<br />THE MESSAGE : $message ", 'ERROR', "DATABASE");     
       echo "<pre> ============================================================================== </pre>";
       echo "<pre> DB Access Error - debug_print_backtrace() OUTPUT START </pre>";
+      echo "<pre> ATTENTION: Enabling more debug info will produce path disclosure weakness (CWE-200) </pre>";
+      echo "<pre>            Having this additional Information could be useful for reporting </pre>";
+      echo "<pre>            issue to development TEAM. </pre>";
       echo "<pre> ============================================================================== </pre>";
       
       if(defined('DBUG_ON') && DBUG_ON == 1)
       { 
         echo "<pre>"; debug_print_backtrace(); echo "</pre>";
       }   
-      else
-      {
-        echo "<pre>"; debug_print_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS); echo "</pre>";
-      }  
+      
+      //else
+      //{
+      //  echo "<pre>"; debug_print_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS); echo "</pre>";
+      //}  
       echo "<pre> ============================================================================== </pre>";
       $t_result = false;
     }
-- 
2.1.4