Task #31826

"die"-message discloses full script path

Added by Gerald Buttinger almost 11 years ago. Updated over 8 years ago.

Status: Closed
Priority: Should have
Category: Database API (Doctrine DBAL)
Start date: 2011-11-15
% Done: 100%

Description

in typo3 v.4.5.7, the file /typo3/sysext/dbal/class.ux_t3lib_db.php contains several lines, in which die-messages disclose the full file-path of the script (via __FILE__):

1459:
die($this->SQLparser->parse_error . ' in ' . __FILE__ . ' : ' . __LINE__);

1466:
die('Could not parse where clause in ' . __FILE__ . ' : ' . __LINE__);

1673:
die($this->SQLparser->parse_error . ' in ' . __FILE__ . ' : ' . __LINE__);

1783:
die('Could not parse where clause in ' . __FILE__ . ' : ' . __LINE__);

due to security-reasons, this should be concealed, or only output, if the debug-parameters in typo3conf allow it.

#1

Updated by Xavier Perseguers almost 11 years ago

  • Status changed from New to Accepted

We should even throw exceptions instead. Do you think you can provide a patch?
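
Added example, not part of the original thread and not the patch that was later pushed to review: a PHP sketch of the two remedies proposed so far, throwing an exception instead of calling die() and showing the path only when debugging is enabled. The names SqlParseException, parseWhereClause(), renderError() and $debug are hypothetical, and the bracket check is a constructed stand-in for the real SQL parser.

```php
<?php
// Hypothetical exception type replacing the die() calls.
final class SqlParseException extends RuntimeException {}

/**
 * Stand-in for the code path that used to call die().
 * The exception records file and line internally (getFile()/getLine()),
 * so nothing about the script location is written to the response here.
 */
function parseWhereClause(string $where): array
{
    // Constructed check standing in for the real SQL parser.
    if (substr_count($where, '(') !== substr_count($where, ')')) {
        throw new SqlParseException('Could not parse where clause');
    }
    return ['where' => $where];
}

/**
 * Central handler: full detail always goes to the server-side log;
 * the client sees file and line only when debugging is enabled.
 */
function renderError(Throwable $e, bool $debug): string
{
    // Random reference lets an admin match a user report to the log entry.
    $reference = bin2hex(random_bytes(4));
    error_log(sprintf('[%s] %s: %s in %s:%d', $reference, get_class($e),
        $e->getMessage(), $e->getFile(), $e->getLine()));

    if ($debug) {
        return sprintf('%s in %s : %d', $e->getMessage(), $e->getFile(), $e->getLine());
    }
    return 'Database query error (reference ' . $reference . ')';
}

// $debug stands in for the debug settings in typo3conf (assumption).
foreach ([false, true] as $debug) {
    try {
        parseWhereClause('uid IN (1,2'); // constructed malformed clause
    } catch (SqlParseException $e) {
        echo renderError($e, $debug), PHP_EOL;
    }
}
```

An exception that is never caught still prints its file and line when PHP's display_errors setting is on, so the catch site or a global exception handler has to be in place for the path to stay hidden.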

#2

Updated by Gerald Buttinger almost 11 years ago

Xavier Perseguers wrote:

We should even throw exceptions instead. Do you think you can provide a patch?

wow, fast reaction! :)

i'm sorry, but i don't have much experience with the typo3-source. someone else might be better suited for that.

#3

Updated by Xavier Perseguers almost 11 years ago

  • Assignee set to Xavier Perseguers
  • Target version set to 4.6.1

OK, will come with something...

#4

Updated by Marcus Krause almost 11 years ago

great to see this issue in public, NOT ;-)

#5

Updated by Xavier Perseguers over 10 years ago

  • Tracker changed from Bug to Task

#6

Updated by Mr. Jenkins over 10 years ago

Patch set 1 of change I30f86789c8438acd27c847f3fa9271a3297db5bd has been pushed to the review server.
It is available at http://review.typo3.org/6760

#7

Updated by Xavier Perseguers over 10 years ago

  • Status changed from Accepted to Under Review

#8

Updated by Mr. Jenkins over 10 years ago

Patch set 1 of change Ia878e63436b19015b3b6771fe17e6179e9747b69 has been pushed to the review server.
It is available at http://review.typo3.org/6761

#9

Updated by Mr. Jenkins over 10 years ago

Patch set 1 of change I57dbeeaffb89dd0b8c32455fe3a4b7c1f3749608 has been pushed to the review server.
It is available at http://review.typo3.org/6762

#10

Updated by Mr. Jenkins over 10 years ago

Patch set 1 of change Ic5840ebf15b591b541ddc29276acf2d1075da8e0 has been pushed to the review server.
It is available at http://review.typo3.org/6763

#11

Updated by Mr. Jenkins over 10 years ago

Patch set 1 of change Ie766c14c2b9c0b6cf5e08f079c3f839702e4a7b7 has been pushed to the review server.
It is available at http://review.typo3.org/6764

#12

Updated by Xavier Perseguers over 10 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#13

Updated by Xavier Perseguers over 10 years ago

  • Status changed from Resolved to Closed

#14

Updated by Michael Stucki over 8 years ago

  • Project changed from 329 to TYPO3 Core

#15

Updated by Michael Stucki over 8 years ago

  • Category set to 999
