Changeset 2483


Timestamp:
Aug 23, 2008, 3:15:33 AM (16 years ago)
Author:
rvelices
Message:
  • security fix: when $conf[question_mark_in_urls]=true, $_SERVER[PATH_INFO] was not sanitized against SQL injection
  • mysql errors are now reported using trigger_error instead of echo and die -> allows admins to see later on if someone tried funny stuff
Location:
branches/branch-1_7/include
Files:
2 edited

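--- a/branches/branch-1_7/include/common.inc.php
+++ b/branches/branch-1_7/include/common.inc.php
@@ -103,4 +103,8 @@
   }
 }
+if ( !empty($_SERVER["PATH_INFO"]) )
+{
+  $_SERVER["PATH_INFO"] = addslashes($_SERVER["PATH_INFO"]);
+}
 
 //
@@ -142,8 +146,6 @@
 
 // Database connection
-mysql_connect( $cfgHote, $cfgUser, $cfgPassword )
-or die ( "Could not connect to database server" );
-mysql_select_db( $cfgBase )
-or die ( "Could not connect to database" );
+@mysql_connect( $cfgHote, $cfgUser, $cfgPassword ) or my_error( 'mysql_connect', true );
+@mysql_select_db( $cfgBase ) or my_error( 'mysql_select_db', true );
 
 //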
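Review bot: `addslashes()` on line 107 is not an SQL-escaping function: it is charset-unaware, so it only matches what mysql_real_escape_string() would do on a single-byte connection charset, and it rewrites the superglobal for every consumer instead of escaping at the point the value is embedded in a query. Since the connection is only opened at line 148, mysql_real_escape_string() cannot be used where the check stands; either move the sanitizing below the connect or, better, escape PATH_INFO where the query is built and leave $_SERVER untouched. Any later non-SQL use of $_SERVER['PATH_INFO'] (route parsing, output) now sees the added backslashes, which presumably matters for the question_mark_in_urls routing — confirm against the callers. At minimum a comment such as `// escaped for SQL use only: code that reuses PATH_INFO outside a query must stripslashes() it` would flag the trap.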
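--- a/branches/branch-1_7/include/functions.inc.php
+++ b/branches/branch-1_7/include/functions.inc.php
@@ -630,5 +630,5 @@
 
   $start = get_moment();
-  $result = mysql_query($query) or my_error($query."\n");
+  ($result = mysql_query($query)) or my_error($query, $conf['die_on_sql_error']);
 
   $time = get_moment() - $start;
@@ -925,23 +925,30 @@
 // my_error returns (or send to standard output) the message concerning the
 // error occured for the last mysql query.
-function my_error($header)
-{
-  global $conf;
-
-  $error = '<pre>';
-  $error.= $header;
-  $error.= '[mysql error '.mysql_errno().'] ';
-  $error.= mysql_error();
-  $error.= '</pre>';
-
-  if ($conf['die_on_sql_error'])
-  {
-    die($error);
-  }
-  else
-  {
-    echo $error;
-  }
-}
+
+function my_error($header, $die)
+{
+  $error = $header;
+  $error.= "\n[mysql error ".mysql_errno().'] '.mysql_error()."\n";
+
+  if (function_exists('debug_backtrace'))
+  {
+    $bt = debug_backtrace();
+    for ($i=0; $i<count($bt); $i++)
+    {
+      $error .= "#$i\t".@$bt[$i]['function']." ".@$bt[$i]['file']."(".@@$bt[$i]['line'].")\n";
+    }
+  }
+
+  if ($die)
+  {
+    @set_status_header(500);
+    echo( str_repeat( ' ', 300)."\n"); //IE doesn't error output if below a size
+  }
+  echo("<pre>");
+  trigger_error($error, $die ? E_USER_ERROR : E_USER_WARNING);
+  !$die || die($error); // just in case the handler didnt die
+  echo("</pre>");
+}
+
 
 /**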
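Review bot: In my_error() (lines 928-951) the full SQL text passed as `$header` and a backtrace of absolute file paths end up in the HTTP response: `die($error)` on line 949 prints the unescaped buffer, and trigger_error() on line 948 does the same whenever display_errors is on, so the change only lets admins "see later" if log_errors is enabled and display_errors is off. Keep the detailed buffer for the log and send the client a generic message, e.g. `!$die || die('Database error'); // details already logged via trigger_error`, and if the warning path stays visible wrap `$error` in htmlspecialchars() before it is echoed. The `@@$bt[$i]['line']` on line 938 has a doubled `@`; a single one suffices. The `echo("</pre>")` on line 950 is unreachable once `$die` is true because die() never returns. In the first hunk pwg_query now reads `$conf['die_on_sql_error']`, but the function starts outside the hunk, so whether `global $conf` is in scope there cannot be confirmed here.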