Fix guide · medium · php_error_disclosed

PHP errors / warnings disclosed in responses

What this rule means

Responses contain Warning:, Notice:, or Fatal error text from PHP.

Why it matters

Reveals server file paths, function names, and execution flow.

How to fix it

In php.ini for production:

display_errors = Off
log_errors = On
error_reporting = E_ALL
error_log = /var/log/php_errors.log

Or per-deploy:

ini_set('display_errors', '0');
ini_set('log_errors', '1');

Did vibecheck flag this on your app?

If you reached this page from a vibecheck inspection report, the redacted match in your scan output is the exact string we found in your bundle. After applying the fix above, run the inspection again — the finding should clear.

Run another inspection

PHP errors / warnings disclosed in responses

Why it matters

How to fix it

Did vibecheck flag this on your app?

Related fix guides