This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests
are now tracked at the issue tracker at Github.
FS#108 deubg Command shows sensitive data
By appending ?do=debug to a page in DokuWik, you can view a few important data arrays for debuging. However when auth_mysql is turned on, the mysql login/password is displayed in the $conf array.
Considering ?do=debug just print_r's $conf it might be better to limit the debug command to those with admin rights on the wiki.
You're right! This will be fixed in the next release. Users using MySQL auth or any other auth method which stores sensitive data in the conf array should remove the following lines from doku.php to disable the debug function: