Development tools and frameworks usually have options to make debugging easier for developers. Although these features are useful during development, they should never be enabled for applications deployed in production. Debug instructions or error messages can leak detailed information about the system, like the application’s path or file names.
Do not enable debugging features on production servers or applications distributed to end users.
define( 'WP_DEBUG', true ); // Noncompliant
define( 'WP_DEBUG', false ); // Compliant
Do not enable debugging features on production servers or applications distributed to end users.
CakePHP 1.x, 2.x:
Cake\Core\Configure::write('debug', 1); // Noncompliant
Cake\Core\Configure::write('debug', 2); // Noncompliant
Cake\Core\Configure::write('debug', 3); // Noncompliant
CakePHP 3.0:
Cake\Core\Configure::config('debug', true); // Noncompliant
CakePHP 1.2:
Cake\Core\Configure::write('debug', 0); // Compliant, this is the production mode
CakePHP 3.0:
Cake\Core\Configure::config('debug', false); // Compliant, "0" or "false" for CakePHP 3.x is suitable (production mode) to not leak sensitive data on the logs.