Task #31826
Closed
"die"-message discloses full script path
100%
Description
in typo3 v.4.5.7, the file /typo3/sysext/dbal/class.ux_t3lib_db.php contains several lines, in which die-messages disclose the full file-path of the script (via __FILE__):
1459:
die($this->SQLparser->parse_error . ' in ' . __FILE__ . ' : ' . __LINE__);
1466:
die('Could not parse where clause in ' . __FILE__ . ' : ' . __LINE__);
1673:
die($this->SQLparser->parse_error . ' in ' . __FILE__ . ' : ' . __LINE__);
1783:
die('Could not parse where clause in ' . __FILE__ . ' : ' . __LINE__);
due to security-reasons, this should be concealed, or only output, if the debug-parameters in typo3conf allow it.
Updated by Xavier Perseguers about 13 years ago
- Status changed from New to Accepted
We should even throw exceptions instead. Do you think you can provide a patch?
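The two remedies raised in this ticket (throwing an exception instead of calling die(), and showing the script location only when debugging is enabled), shown as an added example that is not part of the ticket or of the TYPO3 patches. The class, function and constant names are hypothetical, and the parse check is a constructed stand-in.

```php
<?php
// Added example; every name below is hypothetical and not taken from TYPO3.

// Hypothetical stand-in for the debug setting the report refers to.
const EXAMPLE_DEBUG = false;

final class ExampleQueryException extends RuntimeException {}

// Stand-in for the parsing step that previously ended in die().
function exampleParseWhere(string $where): array
{
    // Constructed check: treat unbalanced parentheses as a parse error.
    if (substr_count($where, '(') !== substr_count($where, ')')) {
        // No __FILE__/__LINE__ in the message: the exception object
        // already records where it was thrown (getFile(), getLine()).
        throw new ExampleQueryException('Could not parse where clause', 1);
    }
    return ['where' => $where];
}

// Logs the full location server-side and returns the text for the client.
function exampleRenderError(Throwable $e, bool $debug): string
{
    error_log(sprintf(
        '%s: %s in %s:%d',
        get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()
    ));
    if ($debug) {
        // Location is shown only when debugging is explicitly enabled.
        return sprintf('%s in %s : %d', $e->getMessage(), $e->getFile(), $e->getLine());
    }
    return 'An internal error occurred.';
}

try {
    exampleParseWhere('uid IN (1, 2'); // constructed malformed input
} catch (ExampleQueryException $e) {
    echo exampleRenderError($e, EXAMPLE_DEBUG), PHP_EOL;
}
```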
Updated by Gerald Buttinger about 13 years ago
Xavier Perseguers wrote:
> We should even throw exceptions instead. Do you think you can provide a patch?
wow, fast reaction! :)
i'm sorry, but i don't have much experience with the typo3-source. someone else might be better suited for that.
Updated by Xavier Perseguers about 13 years ago
- Assignee set to Xavier Perseguers
- Target version set to 4.6.1
OK, will come up with something...
Updated by Marcus Krause about 13 years ago
great to see this issue in public, NOT ;-)
Updated by Xavier Perseguers about 13 years ago
- Tracker changed from Bug to Task
Updated by Mr. Jenkins about 13 years ago
Patch set 1 of change I30f86789c8438acd27c847f3fa9271a3297db5bd has been pushed to the review server.
It is available at http://review.typo3.org/6760
Updated by Xavier Perseguers about 13 years ago
- Status changed from Accepted to Under Review
Updated by Mr. Jenkins about 13 years ago
Patch set 1 of change Ia878e63436b19015b3b6771fe17e6179e9747b69 has been pushed to the review server.
It is available at http://review.typo3.org/6761
Updated by Mr. Jenkins about 13 years ago
Patch set 1 of change I57dbeeaffb89dd0b8c32455fe3a4b7c1f3749608 has been pushed to the review server.
It is available at http://review.typo3.org/6762
Updated by Mr. Jenkins about 13 years ago
Patch set 1 of change Ic5840ebf15b591b541ddc29276acf2d1075da8e0 has been pushed to the review server.
It is available at http://review.typo3.org/6763
Updated by Mr. Jenkins about 13 years ago
Patch set 1 of change Ie766c14c2b9c0b6cf5e08f079c3f839702e4a7b7 has been pushed to the review server.
It is available at http://review.typo3.org/6764
Updated by Xavier Perseguers about 13 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Updated by Xavier Perseguers almost 13 years ago
- Status changed from Resolved to Closed
Updated by Michael Stucki almost 11 years ago
- Project changed from 329 to TYPO3 Core