[geeklog-cvs] geeklog: Minor security improvement (aka security by obscurity):...
geeklog-cvs at lists.geeklog.net
Thu May 21 16:02:11 EDT 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/8d6120c198aa
changeset: 7047:8d6120c198aa
user: Dirk Haun <dirk at haun-online.de>
date: Thu May 21 21:27:11 2009 +0200
description:
Minor security improvement (aka security by obscurity): SQL errors will now trigger the standard error handler
diffstat:
public_html/docs/history | 2 ++
system/databases/mssql.class.php | 8 +++-----
system/databases/mysql.class.php | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diffs (61 lines):
diff -r 83e4c7501ad6 -r 8d6120c198aa public_html/docs/history
--- a/public_html/docs/history Thu May 21 20:20:19 2009 +0200
+++ b/public_html/docs/history Thu May 21 21:27:11 2009 +0200
@@ -11,6 +11,8 @@
+ Comment moderation and editable comments, by Jared Wenerd
Changes since 1.6.0b1:
+- SQL errors now trigger the standard error handler ("Unfortunately, an error
+ has occurred ..."). Details are available in error.log, as usual [Tony, Dirk]
- Removed the $_CONF['search_no_data'] config option and moved the text to the
language files (bug #0000873) [Dirk]
- All bundled plugins now include a check to see if they support the DBMS the
diff -r 83e4c7501ad6 -r 8d6120c198aa system/databases/mssql.class.php
--- a/system/databases/mssql.class.php Thu May 21 20:20:19 2009 +0200
+++ b/system/databases/mssql.class.php Thu May 21 21:27:11 2009 +0200
@@ -2,13 +2,13 @@
/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
-// | Geeklog 1.5 |
+// | Geeklog 1.6 |
// +---------------------------------------------------------------------------+
// | mssql.class.php |
// | |
// | mysql database class |
// +---------------------------------------------------------------------------+
-// | Copyright (C) 2000-2008 by the following authors: |
+// | Copyright (C) 2000-2009 by the following authors: |
// | |
// | Authors: Tony Bibbs, tony AT tonybibbs DOT com |
// | Randy Kolenko, Randy AT nextide DOT ca |
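Review bot: The header context line `// | mysql database class |` is wrong for mssql.class.php. Since this hunk already updates the header (version and copyright year), correct that description to name the MSSQL class in the same change.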
@@ -29,8 +29,6 @@
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +---------------------------------------------------------------------------+
-//
-// $Id: mssql.class.php,v 1.9 2008/05/24 15:42:26 mjervis Exp $
/**
* This file is the mssql implementation of the Geeklog abstraction layer.
@@ -450,7 +448,7 @@
} else {
- $result = @mssql_query($sql,$this->_db) or die($this->dbError($sql) . ' - ' . $sql);
+ $result = @mssql_query($sql,$this->_db) or trigger_error($this->dbError($sql) . ' - ' . $sql);
if($result==FALSE){
echo "Query Failed: ";
echo "<pre>".$this->dbError($sql) . "</pre><hr" . XHTML . ">";
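Review bot: The `trigger_error()` call on the changed line has no error level, so it raises E_USER_NOTICE and, unlike the `die()` it replaces, does not end the request by itself. If the standard error handler returns, control falls into the `if($result==FALSE)` block in the trailing context, which echoes "Query Failed: " and the `dbError($sql)` output to the page, so the detail this change is meant to hide can still reach the browser. Pass `E_USER_ERROR` and make sure the handler terminates, or drop the echo block. Also reconsider appending `' - ' . $sql` to the message: `dbError($sql)` already receives the statement, and the full query text now ends up wherever the handler writes it (error.log, per the history entry).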
diff -r 83e4c7501ad6 -r 8d6120c198aa system/databases/mysql.class.php
--- a/system/databases/mysql.class.php Thu May 21 20:20:19 2009 +0200
+++ b/system/databases/mysql.class.php Thu May 21 21:27:11 2009 +0200
@@ -257,7 +257,7 @@
if ($ignore_errors == 1) {
$result = @mysql_query($sql,$this->_db);
} else {
- $result = @mysql_query($sql,$this->_db) or die($this->dbError($sql));
+ $result = @mysql_query($sql,$this->_db) or trigger_error($this->dbError($sql));
}
// If OK, return otherwise echo error
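Review bot: `or trigger_error($this->dbError($sql))` relies on the default level E_USER_NOTICE, whereas the removed `or die(...)` guaranteed that a failed query stopped the request. Whether execution stops now depends entirely on the registered handler, and the trailing comment `// If OK, return otherwise echo error` indicates the code below still has an echo path for the failure case. Suggest passing `E_USER_ERROR` as the second argument and confirming the handler ends the request, or returning explicitly right after the call so the echo path is not reached.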