author | rvelices <rv-github@modusoptimus.com> | 2008-08-23 01:18:13 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2008-08-23 01:18:13 +0000 |
commit | 726529c49bdd049c039928dac3e736dac6263e51 (patch) | |
tree | 5c284613b9e1586a4c11ad1378525d959a069670 | |
parent | 707351a95cc6f0afa71d684b775bd24e50880ce4 (diff) |
merge r2483 from branch 1.7
- security fix: when conf['question_mark_in_urls']=true, $_SERVER['PATH_INFO'] was not sanitized against SQL injection
- mysql errors are now dumped using trigger_error instead of echo and die -> allow admins to see later on if someone tries funny stuff
git-svn-id: http://piwigo.org/svn/trunk@2484 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r-- | include/common.inc.php | 10 | ||||
-rw-r--r-- | include/functions.inc.php | 33 |
2 files changed, 26 insertions, 17 deletions
diff --git a/include/common.inc.php b/include/common.inc.php
index 2e3d27ee3..d12b8bb70 100644
--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -98,6 +98,10 @@ if( !get_magic_quotes_gpc() )
 @reset($_COOKIE);
 }
 }
+if ( !empty($_SERVER["PATH_INFO"]) )
+{
+ $_SERVER["PATH_INFO"] = addslashes($_SERVER["PATH_INFO"]);
+}
 //
 // Define some basic configuration arrays this also prevents malicious
@@ -138,10 +142,8 @@ include(PHPWG_ROOT_PATH . 'include/functions.inc.php');
 include(PHPWG_ROOT_PATH . 'include/template.class.php');
 // Database connection
-mysql_connect( $cfgHote, $cfgUser, $cfgPassword )
-or die ( "Could not connect to database server" );
-mysql_select_db( $cfgBase )
-or die ( "Could not connect to database" );
+@mysql_connect( $cfgHote, $cfgUser, $cfgPassword ) or my_error( 'mysql_connect', true );
+@mysql_select_db( $cfgBase ) or my_error( 'mysql_select_db', true );
 defined('PWG_CHARSET') and defined('DB_CHARSET') or die('PWG_CHARSET and/or DB_CHARSET is not defined');
diff --git a/include/functions.inc.php b/include/functions.inc.php
index 3902bb890..bc16d6940 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -596,7 +596,7 @@ function pwg_query($query)
 global $conf,$page,$debug,$t2;
 $start = get_moment();
- $result = mysql_query($query) or my_error($query."\n");
+ ($result = mysql_query($query)) or my_error($query, $conf['die_on_sql_error']);
 $time = get_moment() - $start;
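Review bot: The new PATH_INFO guard in the first common.inc.php hunk relies on `addslashes()`, which knows nothing about the connection charset and runs before the `mysql_connect()` call in the second hunk, so it cannot use `mysql_real_escape_string()`; escaping at the query boundary once the connection exists would be the robust fix, and this should be read as a stopgap. The guard also rewrites `$_SERVER["PATH_INFO"]` for every later reader, not only the SQL one, so any code that echoes or compares the path now sees the added backslashes — I cannot see those consumers from here. A comment would help the next maintainer understand why this sits outside the `if( !get_magic_quotes_gpc() )` block: `// PATH_INFO is not covered by magic_quotes_gpc, so escape it unconditionally; addslashes is charset-agnostic, prefer escaping at the query`.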
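Review bot: In the pwg_query hunk of functions.inc.php, `$conf['die_on_sql_error']` is read without an `isset()` guard, so when the key is absent PHP raises an undefined-index notice inside the error path and `$die` silently becomes null, i.e. the warning-only branch. Reading it as `!empty($conf['die_on_sql_error'])` makes the intended default explicit: `($result = mysql_query($query)) or my_error($query, !empty($conf['die_on_sql_error']));`. The failing query text is handed to my_error as its `$header`, so whatever my_error prints is now the raw SQL including any user-supplied values. pwg_query's signature is only visible in the hunk header and its body continues after the hunk.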
@@ -905,26 +905,33 @@ function get_thumbnail_title($element_info)
 // my_error returns (or send to standard output) the message concerning the
 // error occured for the last mysql query.
-function my_error($header)
-{
- global $conf;
- $error = '<pre>';
- $error.= $header;
- $error.= '[mysql error '.mysql_errno().'] ';
- $error.= mysql_error();
- $error.= '</pre>';
+function my_error($header, $die)
+{
+ $error = $header;
+ $error.= "\n[mysql error ".mysql_errno().'] '.mysql_error()."\n";
- if ($conf['die_on_sql_error'])
+ if (function_exists('debug_backtrace'))
 {
- die($error);
+ $bt = debug_backtrace();
+ for ($i=0; $i<count($bt); $i++)
+ {
+ $error .= "#$i\t".@$bt[$i]['function']." ".@$bt[$i]['file']."(".@@$bt[$i]['line'].")\n";
+ }
 }
- else
+
+ if ($die)
 {
- echo $error;
+ @set_status_header(500);
+ echo( str_repeat( ' ', 300)."\n"); //IE doesn't error output if below a size
 }
+ echo("<pre>");
+ trigger_error($error, $die ? E_USER_ERROR : E_USER_WARNING);
+ !$die || die($error); // just in case the handler didnt die
+ echo("</pre>");
 }
+
 /**
 * creates an array based on a query, this function is a very common pattern
 * used here |
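Review bot: `!$die || die($error);` in the new my_error prints `$error` raw to the client whenever `$die` is true, and `$error` carries the failing SQL passed in as `$header`, `mysql_error()` and a backtrace of absolute file paths; for the `my_error('mysql_connect', true)` call in common.inc.php that means a connect failure shows the database error text to anonymous visitors, and since nothing applies `htmlspecialchars()` the query is also reflected unescaped inside the `<pre>` the function opens. `trigger_error()` already hands the full detail to the log or error handler, which is what the commit message wants, so the fallback should emit a generic message only, e.g. `!$die || die('a database error occurred');`. `@@$bt[$i]['line']` in the backtrace loop has a doubled `@`; it is valid PHP but reads as a typo for `@$bt[$i]['line']`. Callers outside this diff that still pass a single argument would now trigger a missing-argument warning on the mandatory `$die`; if any remain, `function my_error($header, $die=false)` keeps the old warning-only behaviour for them.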