merge r2483 from branch 1.7

- security fix : when conf['question_mark_in_urls']=true , $_SERVER['PATH_INFO'] was not sanitized against sql injection
- mysql errors are now dumped using trigger_error instead of echo and die -> allow admins to see later on if someone tries funny stuff

git-svn-id: http://piwigo.org/svn/trunk@2484 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
rvelices
2008-08-23 01:18:13 +00:00
parent 707351a95c
commit 726529c49b
2 changed files with 27 additions and 18 deletions
+21 -14
View File
@@ -596,7 +596,7 @@ function pwg_query($query)
global $conf,$page,$debug,$t2;
$start = get_moment();
$result = mysql_query($query) or my_error($query."\n");
($result = mysql_query($query)) or my_error($query, $conf['die_on_sql_error']);
$time = get_moment() - $start;
@@ -905,26 +905,33 @@ function get_thumbnail_title($element_info)
// my_error returns (or send to standard output) the message concerning the
// error occured for the last mysql query.
function my_error($header)
function my_error($header, $die)
{
global $conf;
$error = $header;
$error.= "\n[mysql error ".mysql_errno().'] '.mysql_error()."\n";
$error = '<pre>';
$error.= $header;
$error.= '[mysql error '.mysql_errno().'] ';
$error.= mysql_error();
$error.= '</pre>';
if (function_exists('debug_backtrace'))
{
$bt = debug_backtrace();
for ($i=0; $i<count($bt); $i++)
{
$error .= "#$i\t".@$bt[$i]['function']." ".@$bt[$i]['file']."(".@@$bt[$i]['line'].")\n";
}
}
if ($conf['die_on_sql_error'])
if ($die)
{
die($error);
}
else
{
echo $error;
@set_status_header(500);
echo( str_repeat( ' ', 300)."\n"); //IE doesn't error output if below a size
}
echo("<pre>");
trigger_error($error, $die ? E_USER_ERROR : E_USER_WARNING);
!$die || die($error); // just in case the handler didnt die
echo("</pre>");
}
/**
* creates an array based on a query, this function is a very common pattern
* used here