Task #31826
closed
"die"-message discloses full script path
Added by Gerald Buttinger over 12 years ago.
Updated over 10 years ago.
Category:
Database API (Doctrine DBAL)
Description
in typo3 v.4.5.7, the file /typo3/sysext/dbal/class.ux_t3lib_db.php contains several lines, in which die-messages disclose the full file-path of the script (via __FILE__):
1459:
die($this->SQLparser->parse_error . ' in ' . __FILE__ . ' : ' . __LINE__);
1466:
die('Could not parse where clause in ' . __FILE__ . ' : ' . __LINE__);
1673:
die($this->SQLparser->parse_error . ' in ' . __FILE__ . ' : ' . __LINE__);
1783:
die('Could not parse where clause in ' . __FILE__ . ' : ' . __LINE__);
due to security-reasons, this should be concealed, or only output, if the debug-parameters in typo3conf allow it.
- Status changed from New to Accepted
We should even throw exceptions instead. Do you think you can provide a patch?
Xavier Perseguers wrote:
We should even throw exceptions instead. Do you think you can provide a patch?
wow, fast reaction! :)
i'm sorry, but i don't have much experience with the typo3-source. someone else might be better suited for that.
- Assignee set to Xavier Perseguers
- Target version set to 4.6.1
OK, will come with something...
great to see this issue in public, NOT ;-)
- Tracker changed from Bug to Task
Patch set 1 of change I30f86789c8438acd27c847f3fa9271a3297db5bd has been pushed to the review server.
It is available at http://review.typo3.org/6760
- Status changed from Accepted to Under Review
Patch set 1 of change Ia878e63436b19015b3b6771fe17e6179e9747b69 has been pushed to the review server.
It is available at http://review.typo3.org/6761
Patch set 1 of change I57dbeeaffb89dd0b8c32455fe3a4b7c1f3749608 has been pushed to the review server.
It is available at http://review.typo3.org/6762
Patch set 1 of change Ic5840ebf15b591b541ddc29276acf2d1075da8e0 has been pushed to the review server.
It is available at http://review.typo3.org/6763
Patch set 1 of change Ie766c14c2b9c0b6cf5e08f079c3f839702e4a7b7 has been pushed to the review server.
It is available at http://review.typo3.org/6764
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
- Status changed from Resolved to Closed
- Project changed from 329 to TYPO3 Core
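The two remedies raised in this thread (throwing an exception instead of calling die(), and showing the script location only when debugging is enabled), sketched in plain PHP. This is an added example, not the patch pushed to the review server and not TYPO3 code; the class and function names, the $debug flag and the exception code are hypothetical.

```php
<?php
// Added illustration; every name below is hypothetical, not TYPO3 API.

final class SqlParseException extends RuntimeException {}

// Before: the pattern from the report. die() sends the absolute
// server path of the script straight to the client.
function failBefore(string $parseError): void
{
    die($parseError . ' in ' . __FILE__ . ' : ' . __LINE__);
}

// After: throw instead. PHP records file and line on the exception
// object, so the message itself carries no location.
function failAfter(string $parseError): void
{
    throw new SqlParseException($parseError, 1000001); // constructed code
}

// One place decides what leaves the server.
function renderFailure(Throwable $e, bool $debug): string
{
    // The full location always goes to the server-side log.
    error_log(sprintf(
        '%s [%d]: %s in %s:%d',
        get_class($e), $e->getCode(), $e->getMessage(),
        $e->getFile(), $e->getLine()
    ));

    if ($debug) {
        // Debug mode: same detail the old die() message exposed.
        return sprintf('%s in %s : %d',
            $e->getMessage(), $e->getFile(), $e->getLine());
    }

    // Production: a reference the operator can match against the log.
    return sprintf('Database query error (reference %d).', $e->getCode());
}

$debug = false; // assumption: read from the installation's debug settings

try {
    failAfter('Could not parse where clause'); // constructed input
} catch (SqlParseException $e) {
    echo renderFailure($e, $debug), PHP_EOL;
}
```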