authorrvelices <rv-github@modusoptimus.com>2008-08-23 01:18:13 +0000
committerrvelices <rv-github@modusoptimus.com>2008-08-23 01:18:13 +0000
commit726529c49bdd049c039928dac3e736dac6263e51 (patch)
tree5c284613b9e1586a4c11ad1378525d959a069670
parent707351a95cc6f0afa71d684b775bd24e50880ce4 (diff)
merge r2483 from branch 1.7
- security fix: when conf['question_mark_in_urls']=true, $_SERVER['PATH_INFO'] was not sanitized against SQL injection
- mysql errors are now dumped using trigger_error instead of echo and die -> allows admins to see later on if someone tries funny stuff
git-svn-id: http://piwigo.org/svn/trunk@2484 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--include/common.inc.php10
-rw-r--r--include/functions.inc.php33
2 files changed, 26 insertions, 17 deletions
diff --git a/include/common.inc.php b/include/common.inc.php
index 2e3d27ee3..d12b8bb70 100644
--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -98,6 +98,10 @@ if( !get_magic_quotes_gpc() )
@reset($_COOKIE);
}
}
+if ( !empty($_SERVER["PATH_INFO"]) )
+{
+ $_SERVER["PATH_INFO"] = addslashes($_SERVER["PATH_INFO"]);
+}
//
// Define some basic configuration arrays this also prevents malicious
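Review bot: `addslashes()` on `$_SERVER["PATH_INFO"]` is a byte-wise escape that is not charset-aware, so it is a weaker stand-in for `mysql_real_escape_string()`; presumably it was chosen because the database connection is not open yet at this point in common.inc.php (it is opened further down, in the second hunk of this file). Escaping the superglobal in place also changes the value for every later consumer of PATH_INFO, not only the SQL layer, so a path segment containing `'` now arrives as `\'` wherever it is routed, compared or echoed. The more durable fix is to keep PATH_INFO raw here and escape or validate it at the query site in the URL-parsing code, which is outside this diff; failing that, a comment such as `// $_SERVER is not covered by magic_quotes_gpc; escaped here because PATH_INFO is later embedded in SQL` would make the intent of the new block explicit.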
@@ -138,10 +142,8 @@ include(PHPWG_ROOT_PATH . 'include/functions.inc.php');
include(PHPWG_ROOT_PATH . 'include/template.class.php');
// Database connection
-mysql_connect( $cfgHote, $cfgUser, $cfgPassword )
-or die ( "Could not connect to database server" );
-mysql_select_db( $cfgBase )
-or die ( "Could not connect to database" );
+@mysql_connect( $cfgHote, $cfgUser, $cfgPassword ) or my_error( 'mysql_connect', true );
+@mysql_select_db( $cfgBase ) or my_error( 'mysql_select_db', true );
defined('PWG_CHARSET') and defined('DB_CHARSET')
or die('PWG_CHARSET and/or DB_CHARSET is not defined');
diff --git a/include/functions.inc.php b/include/functions.inc.php
index 3902bb890..bc16d6940 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -596,7 +596,7 @@ function pwg_query($query)
global $conf,$page,$debug,$t2;
$start = get_moment();
- $result = mysql_query($query) or my_error($query."\n");
+ ($result = mysql_query($query)) or my_error($query, $conf['die_on_sql_error']);
$time = get_moment() - $start;
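Review bot: The failure contract of pwg_query is now implicit: when `$conf['die_on_sql_error']` is false, `my_error` returns, `$result` is `false`, and the function carries on with the timing code and whatever follows (pwg_query starts and ends outside this hunk), so the caller receives `false` without any indication here that this is intended. A one-line comment above the new line, `// on failure with die_on_sql_error=false, $result is false and is returned to the caller`, would document that, and the added parentheses are worth keeping since they make the `or` precedence explicit. Note that `$query` is passed to `my_error` as the header verbatim; see the note on `my_error` in functions.inc.php for what that text ends up in.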
@@ -905,26 +905,33 @@ function get_thumbnail_title($element_info)
// my_error returns (or send to standard output) the message concerning the
// error occured for the last mysql query.
-function my_error($header)
-{
- global $conf;
- $error = '<pre>';
- $error.= $header;
- $error.= '[mysql error '.mysql_errno().'] ';
- $error.= mysql_error();
- $error.= '</pre>';
+function my_error($header, $die)
+{
+ $error = $header;
+ $error.= "\n[mysql error ".mysql_errno().'] '.mysql_error()."\n";
- if ($conf['die_on_sql_error'])
+ if (function_exists('debug_backtrace'))
{
- die($error);
+ $bt = debug_backtrace();
+ for ($i=0; $i<count($bt); $i++)
+ {
+ $error .= "#$i\t".@$bt[$i]['function']." ".@$bt[$i]['file']."(".@@$bt[$i]['line'].")\n";
+ }
}
- else
+
+ if ($die)
{
- echo $error;
+ @set_status_header(500);
+ echo( str_repeat( ' ', 300)."\n"); //IE doesn't error output if below a size
}
+ echo("<pre>");
+ trigger_error($error, $die ? E_USER_ERROR : E_USER_WARNING);
+ !$die || die($error); // just in case the handler didnt die
+ echo("</pre>");
}
+
/**
* creates an array based on a query, this function is a very common pattern
* used here
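Review bot: `!$die || die($error);` on the fallback line sends the failed SQL text (which can carry request data, e.g. the PATH_INFO that the common.inc.php hunk escapes), `mysql_error()`, and the backtrace with absolute file paths built in the `for` loop to the HTTP client, unescaped inside `<pre>`, which is both an information disclosure and a reflected-markup risk and undercuts the commit's stated aim of reserving these details for the admin's log; the same text reaches the client from the `mysql_connect`/`mysql_select_db` callers in common.inc.php, where `mysql_error()` can include the database user name. Since `trigger_error($error, ...)` on the preceding line already hands the full text to the error handler and, with `log_errors`, to the log, the fallback can stay generic: `!$die || die('Database error');`. Whether the non-dying `E_USER_WARNING` path also prints to the client depends on `display_errors`, which this diff does not show. Minor: `@@$bt[$i]['line']` doubles the silence operator, and `echo("</pre>");` is unreachable when `$die` is true.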