# HG changeset patch
# User Dan
# Date 1218504826 14400
# Node ID 424ea7aac0ca7f26d0ed27c76a8acc223554e04c
# Parent 4cc27e7abd6050006df79254e927e87748f9a040
SECURITY: Full query is no longer shown on SQL injection attempt; silenced calls to mysql_unbuffered_query() due to some untraceable yet harmless errors
diff -r 4cc27e7abd60 -r 424ea7aac0ca includes/dbal.php
--- a/includes/dbal.php Mon Aug 11 21:32:52 2008 -0400
+++ b/includes/dbal.php Mon Aug 11 21:33:46 2008 -0400
@@ -267,7 +267,8 @@
 if ( !$this->check_query($q) )
 {
 $this->report_query($q);
- grinding_halt('SQL Injection attempt', '

Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.

Query was:

'.htmlspecialchars($q).'
');
+ $debug = ( defined('ENANO_DEBUG') ) ? '

Query was:

'.htmlspecialchars($q).'
' : '';
+ grinding_halt('SQL Injection attempt', '

Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.

' . $debug);
 }
 }
@@ -300,11 +301,12 @@
 if ( !$this->check_query($q) )
 {
 $this->report_query($q);
- grinding_halt('SQL Injection attempt', '
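Review bot: The `defined('ENANO_DEBUG')` gate on the added `$debug` line still renders the full query to whoever triggered the check whenever that constant is defined, so an installation left in debug mode discloses the same query text, and through it table and column names, that this commit sets out to hide. `report_query($q)` is already called just above and presumably records the query server-side (its body is not visible here), so the page could omit the query entirely or show it only to an authenticated administrator. The same two added lines are repeated verbatim in the second hunk (`@@ -300,11 +301,12 @@`); a small private helper that builds the message would keep the two copies from drifting apart. The enclosing functions begin and end outside both hunks.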

Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.

Query was:

'.htmlspecialchars($q).'
');
+ $debug = ( defined('ENANO_DEBUG') ) ? '

Query was:

'.htmlspecialchars($q).'
' : '';
+ grinding_halt('SQL Injection attempt', '

Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.

' . $debug);
 }
 $time_start = microtime_float();
- $r = mysql_unbuffered_query($q, $this->_conn);
+ $r = @mysql_unbuffered_query($q, $this->_conn);
 $this->query_times[$q] = microtime_float() - $time_start;
 $this->latest_result = $r;
 $this->disable_errorhandler();
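Review bot: The `@` added in front of `mysql_unbuffered_query()` silences every warning and notice the call can raise, not only the ones the commit message describes as harmless, so a lost connection or an invalid `$this->_conn` would now pass without any trace at this point. In the visible lines `$r` is stored in `$this->latest_result` without being tested; unless the rest of the function (outside this hunk) checks it, I would add `if ( $r === false ) { /* record mysql_error($this->_conn) in the server-side log */ }` right after the call. At minimum the line deserves a comment naming the specific notice being suppressed, e.g. `// @: suppresses the notice seen on <describe case>; failures are still detected via $r === false`, so the suppression can be removed once the cause is traced.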