[geeklog-devel] [geeklog-cvs] Geeklog-1.x/system lib-database.php, 1.48, 1.49

Joe Mucchiello joe at ThrowingDice.com
Thu Oct 11 03:12:06 EDT 2007


Shouldn't that be

if (SEC_inGroup('Root')) {
    die ($result);
} else {
    die ('An SQL error has occurred. Please see error.log for details.');
}

It's not a good idea to expose database error information to normal
users. In fact mentioning the error.log is somewhat weird too. The
error message should probably be something like:

    die ('A database error has occurred. An error message has been sent to the administrator.');

At 09:52 PM 10/10/2007, Oliver wrote:

>*** lib-database.php 11 Sep 2007 03:26:50 -0000 1.48

>--- lib-database.php 11 Oct 2007 01:52:37 -0000 1.49

>***************

>*** 184,189 ****

> $errmsg .= LB . $db . ': ' . $request;

> }

>! COM_errorLog ($errmsg);

>! die ('An SQL error has occurred. Please see error.log

>for details.');

> }

> }

>--- 184,189 ----

> $errmsg .= LB . $db . ': ' . $request;

> }

>! $result = COM_errorLog ($errmsg, 3);

>! die ($result);

> }

> }

>
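Review bot: die ($result) in the new version prints whatever COM_errorLog ($errmsg, 3) returns to every visitor, with no check on who is asking. A few lines earlier $errmsg has $db . ': ' . $request appended to it, so if the returned value carries that text, the database name and the failing request are shown to unprivileged users. Only emit $result behind a privilege check such as the SEC_inGroup('Root') test proposed in the reply, and give everyone else a fixed generic message. A short comment stating what mode 3 makes COM_errorLog return would also help, since the patch does not show it.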

>_______________________________________________

>geeklog-cvs mailing list

>geeklog-cvs at lists.geeklog.net

>http://eight.pairlist.net/mailman/listinfo/geeklog-cvs


----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com



