[geeklog-devel] [geeklog-cvs] Geeklog-1.x/system lib-database.php, 1.48, 1.49

Joe Mucchiello joe at ThrowingDice.com
Thu Oct 11 03:12:06 EDT 2007


Shouldn't that be

             if (SEC_inGroup('Root')) {
                 die ($result);
             } else {
                 die ('An SQL error has occurred. Please see error.log for details.');
             }

It's not a good idea to expose database error information to normal 
users. In fact mentioning the error.log is somewhat weird too. The 
error message should probably be something like:

                 die ('A database error has occurred. An error message has been sent to the administrator.');

At 09:52 PM 10/10/2007, Oliver wrote:
>*** lib-database.php    11 Sep 2007 03:26:50 -0000      1.48
>--- lib-database.php    11 Oct 2007 01:52:37 -0000      1.49
>***************
>*** 184,189 ****
>                   $errmsg .= LB . $db . ': ' . $request;
>               }
>!             COM_errorLog ($errmsg);
>!             die ('An SQL error has occurred. Please see error.log 
>for details.');
>           }
>       }
>--- 184,189 ----
>                   $errmsg .= LB . $db . ': ' . $request;
>               }
>!             $result = COM_errorLog ($errmsg, 3);
>!             die ($result);
>           }
>       }
>
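
Review bot: The new `die ($result);` sends whatever `COM_errorLog ($errmsg, 3)` returns to every visitor, with no check on who is making the request, and the preceding context line has just appended `$db . ': ' . $request` to `$errmsg`. If the return value carries `$errmsg`, the values of `$db` and `$request` reach unprivileged users. Consider printing the detailed result only after a privilege check and keeping a fixed generic string for everyone else. The bare `3` passed as the second argument would also be easier to review with a comment or named constant saying which action it selects.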

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com 
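
An added example (not part of the original message and not Geeklog code) of the split suggested above: the full error goes to the log under a random reference, Root users see the detail, and everyone else sees a generic message. `report_db_error()`, its parameters, the log path and the sample error text are assumptions made for illustration.

```php
<?php
// Added example; report_db_error() and its parameters are hypothetical names,
// not Geeklog functions. In Geeklog the caller would pass SEC_inGroup('Root').

/**
 * Log the full database error and return the text that is safe to show
 * to the current user.
 */
function report_db_error(string $detail, bool $isRoot, string $logFile): string
{
    // Short random reference so a user report can be matched to the log entry.
    $ref = bin2hex(random_bytes(4));

    // Strip CR/LF so SQL text containing user input cannot forge log lines.
    $oneLine = str_replace(["\r", "\n"], ' ', $detail);
    $written = error_log(
        sprintf("[%s] ref=%s %s%s", date('c'), $ref, $oneLine, PHP_EOL),
        3,          // message type 3: append to the file given as destination
        $logFile
    );

    if ($isRoot) {
        // Only the Root group sees the driver message and the failing query.
        return htmlspecialchars($detail, ENT_QUOTES, 'UTF-8');
    }
    // Everyone else gets no SQL, no table names and no file paths.
    return $written
        ? "A database error has occurred (reference $ref). The error has been logged."
        : 'A database error has occurred.';
}

// Constructed sample input, not real Geeklog output.
$detail = "1146: Table 'gl.gl_storiez' doesn't exist\ngeeklog: SELECT * FROM gl_storiez WHERE sid = 'x'";
$log    = sys_get_temp_dir() . '/example-error.log';

echo report_db_error($detail, false, $log), PHP_EOL;  // generic text plus reference
echo report_db_error($detail, true, $log), PHP_EOL;   // full detail, HTML-escaped
```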



