From d1601260863a3195ddedabf2a8395d2f0d732b1e Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Thu, 15 Dec 2005 13:52:27 +0000 Subject: - show complete sql error message + path to administrators only (idea from post to bugtraq about SMF) git-svn-id: file:///svn/phpbb/trunk@5338 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/db/dbal.php | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php index 5555bf09ea..c02f6d4e92 100644 --- a/phpBB/includes/db/dbal.php +++ b/phpBB/includes/db/dbal.php @@ -192,14 +192,26 @@ class dbal */ function sql_error($sql = '') { + global $auth, $user; + $error = $this->_sql_error(); if (!$this->return_on_error) { - $this_page = (isset($_SERVER['PHP_SELF']) && !empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF']; - $this_page .= '&' . ((isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : (isset($_ENV['QUERY_STRING']) ? $_ENV['QUERY_STRING'] : '')); + $message = 'SQL ERROR [ ' . SQL_LAYER . ' ]

' . $error['message'] . ' [' . $error['code'] . ']; + + // Show complete SQL error and path to administrators only + if ($auth->acl_get('a_')) + { + $this_page = (isset($_SERVER['PHP_SELF']) && !empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF']; + $this_page .= '&' . ((isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : (isset($_ENV['QUERY_STRING']) ? $_ENV['QUERY_STRING'] : '')); - $message = 'SQL ERROR [ ' . SQL_LAYER . ' ]

' . $error['message'] . ' [' . $error['code'] . ']

CALLING PAGE

' . htmlspecialchars($this_page) . (($sql != '') ? '

SQL

' . $sql : '') . '
'; + $message .= '

CALLING PAGE

' . htmlspecialchars($this_page) . (($sql != '') ? '

SQL

' . $sql : '') . '
'; + } + else + { + $message .= '

' . $user->lang['SQL_ERROR_OCCURRED']; + } if ($this->transaction) { -- cgit v1.2.1
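Review bot: The non-admin branch still prints `$error['message']` and `$error['code']`, and database drivers commonly quote part of the failing statement in that text, so some of the detail this change means to restrict can still reach ordinary visitors; consider moving the driver message into the `acl_get('a_')` branch too and logging it server-side. In the admin branch `$sql` is concatenated unescaped while `$this_page` goes through `htmlspecialchars()`, so request-derived values inside a query would be rendered as markup in an administrator's session; `htmlspecialchars($sql)` would match the treatment of the calling page. The new `global $auth, $user;` also assumes both objects exist whenever a query fails, which this hunk does not show. If `sql_error()` can run before they are initialised, a guard such as `if (is_object($auth) && $auth->acl_get('a_'))`, with a fixed fallback string in the else branch, keeps the handler from failing itself. The body of `sql_error()` continues past the end of the hunk.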