Yii running in dev mode
Description
The Yii web application is configured to run in development mode, as indicated by the YII_ENV constant being set to 'dev' in the application's entry script. Development mode is designed for debugging and testing purposes during the software development lifecycle, but should never be enabled in production environments. This configuration exposes debugging features and verbose error messages that are intended only for developers.
Remediation
Configure the application to run in production mode by modifying the Yii entry script (typically <strong>index.php</strong> or <strong>web/index.php</strong>). Remove or comment out the line that defines the YII_ENV constant as 'dev', and ensure it is set to 'prod' instead:<br/><br/><pre>// Remove or comment out this line: // defined('YII_ENV') or define('YII_ENV', 'dev'); // Add this line for production: defined('YII_ENV') or define('YII_ENV', 'prod');</pre><br/>After making this change, verify that error reporting is properly configured for production by ensuring <strong>YII_DEBUG</strong> is set to false:<br/><br/><pre>defined('YII_DEBUG') or define('YII_DEBUG', false);</pre><br/>Test the application thoroughly after making these changes to ensure it functions correctly in production mode.