From c3494202101877f6671f45bb996a20b5279a1fdb Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Mon, 18 Nov 2013 22:57:37 +0000
Subject: [PATCH] functions.inc.php - db_query(): do not print out the failed query, error_log() it instead to avoid information leaks. - update SF forum URL
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1592 a1433add-5e2c-0410-b055-b7f2511e0802
---
 functions.inc.php | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/functions.inc.php b/functions.inc.php
index 2658124e..6b93bc42 100644
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -1187,7 +1187,7 @@ $DEBUG_TEXT = "\n Please check the documentation and website for more information.\n

\n Postfix Admin
\n - Forums + Forums ";
@@ -1322,14 +1322,18 @@ function db_query ($query, $ignore_errors = 0) {
 if (! (is_resource($link) || is_object($link) ) ) $link = db_connect ();
 if ($CONF['database_type'] == "mysql") $result = @mysql_query ($query, $link)
- or $error_text = "

DEBUG INFORMATION:
Invalid query ($query) : " . mysql_error($link) . "$DEBUG_TEXT";
+ or $error_text = "Invalid query: " . mysql_error($link);
 if ($CONF['database_type'] == "mysqli") $result = @mysqli_query ($link, $query)
- or $error_text = "

DEBUG INFORMATION:
Invalid query ($query) : " . mysqli_error($link) . "$DEBUG_TEXT";
+ or $error_text = "Invalid query: " . mysqli_error($link);
 if (db_pgsql()) {
 $result = @pg_query ($link, $query)
- or $error_text = "

DEBUG INFORMATION:
Invalid query ($query): " . pg_last_error() . "$DEBUG_TEXT";
+ or $error_text = "Invalid query: " . pg_last_error();
+ }
+ if ($error_text != "" && $ignore_errors == 0) {
+ error_log($error_text);
+ error_log("caused by query: $query");
+ die("

DEBUG INFORMATION:
$error_text

Check your error_log for the failed query. $DEBUG_TEXT");
 }
- if ($error_text != "" && $ignore_errors == 0) die($error_text);
 if ($error_text == "") {
 if (preg_match("/^SELECT/i", trim($query))) {
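Review bot: The `die()` call added to db_query() still sends `$error_text` to the browser, and that is the raw driver message from `mysql_error()`, `mysqli_error()` or `pg_last_error()`. This narrows the leak rather than closing it, because such messages commonly quote part of the failing statement along with table, column or key names, and the string is emitted without HTML escaping. Since the full detail now goes to `error_log()`, the page could show a fixed message instead, e.g. `die("DEBUG INFORMATION: Invalid query. Check your error_log for details. $DEBUG_TEXT");` (keeping the existing markup), or at minimum wrap the value as `htmlspecialchars($error_text)`. A comment above `error_log("caused by query: $query");` should note that logged statements may contain mailbox data and password hashes, so the log file must not be world-readable. db_query() begins and ends outside this hunk, so whether `$error_text` is initialised before these checks cannot be confirmed from here.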