[geeklog-devel] [geeklog-cvs] Geeklog-1.x/system lib-database.php, 1.48, 1.49
Joe Mucchiello
joe at ThrowingDice.com
Thu Oct 11 03:12:06 EDT 2007
Shouldn't that be
if (SEC_inGroup('Root')) {
die ($result);
} else {
die ('An SQL error has occurred. Please see
error.log for details.');
}
It's not a good idea to expose database error information to normal
users. In fact mentioning the error.log is somewhat weird too. The
error message should probably be something like:
die ('A database error has occurred. An error
message has be sent to the administrator.');
At 09:52 PM 10/10/2007, Oliver wrote:
>*** lib-database.php 11 Sep 2007 03:26:50 -0000 1.48
>--- lib-database.php 11 Oct 2007 01:52:37 -0000 1.49
>***************
>*** 184,189 ****
> $errmsg .= LB . $db . ': ' . $request;
> }
>! COM_errorLog ($errmsg);
>! die ('An SQL error has occurred. Please see error.log
>for details.');
> }
> }
>--- 184,189 ----
> $errmsg .= LB . $db . ': ' . $request;
> }
>! $result = COM_errorLog ($errmsg, 3);
>! die ($result);
> }
> }
>
>_______________________________________________
>geeklog-cvs mailing list
>geeklog-cvs at lists.geeklog.net
>http://eight.pairlist.net/mailman/listinfo/geeklog-cvs
----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com
More information about the geeklog-devel
mailing list