Yii debug mode enabled
Description
The Yii web application is running with debug mode enabled, which is intended only for development environments. When the YII_DEBUG constant is set to true, the framework exposes detailed diagnostic information including stack traces, function parameters, file paths, and application configuration details. This verbose error reporting helps developers troubleshoot issues during development but creates significant security risks when left enabled in production environments.
Remediation
Disable debug mode before deploying to production by modifying the Yii entry script (typically <code>index.php</code> or <code>web/index.php</code>). Remove or comment out the line that defines the YII_DEBUG constant:
<pre>
// Remove or comment out this line in production:
// defined('YII_DEBUG') or define('YII_DEBUG', true);
</pre>
Alternatively, explicitly set it to false:
<pre>
defined('YII_DEBUG') or define('YII_DEBUG', false);
</pre>
Verify the change by checking that error pages no longer display stack traces and detailed diagnostic information.

Consider using environment variables or configuration management tools to automatically control debug settings across different deployment environments.
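One way to drive the debug setting from the environment, shown as an added example rather than code from Yii or from this advisory: the entry script fragment below enables debug only on an explicit opt-in outside production and falls back to disabled in every other case. The variable names APP_ENV and APP_DEBUG and the helper resolveDebugFlag() are assumptions made for illustration.

```php
<?php
// Entry script fragment (index.php or web/index.php). Added example.
// APP_ENV and APP_DEBUG are assumed names, set by the deployment tooling.

/**
 * Decide whether debug mode may be enabled (hypothetical helper).
 * Fails closed: only an explicit opt-in in a non-production
 * environment returns true; unset, empty or mistyped values return false.
 */
function resolveDebugFlag(array $env): bool
{
    $appEnv = strtolower(trim((string)($env['APP_ENV'] ?? 'prod')));
    $raw    = strtolower(trim((string)($env['APP_DEBUG'] ?? '')));

    // Only these exact values count as "on".
    $requested = in_array($raw, ['1', 'true', 'on', 'yes'], true);

    // Anything that is not explicitly dev or test is treated as production,
    // and production never runs with debug even if APP_DEBUG was left set.
    if (!in_array($appEnv, ['dev', 'test'], true)) {
        if ($requested) {
            // Leave a trace so a stale APP_DEBUG is noticed and cleaned up.
            error_log('APP_DEBUG ignored: APP_ENV is "' . $appEnv . '"');
        }
        return false;
    }

    return $requested;
}

// getenv() returns false for unset variables; drop those so the
// defaults inside resolveDebugFlag() apply.
$env = array_filter([
    'APP_ENV'   => getenv('APP_ENV'),
    'APP_DEBUG' => getenv('APP_DEBUG'),
], 'is_string');

// Same guard form as the stock entry script, but the value is computed.
defined('YII_DEBUG') or define('YII_DEBUG', resolveDebugFlag($env));

// ... the rest of the entry script (autoloader, config, application run)
// follows unchanged.
```

With neither variable set, YII_DEBUG resolves to false, so a host that was never configured behaves like production.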