Project

General

Profile

Actions
Copy link

Task #31826

closed

"die"-message dicloses full script path

Added by Gerald Buttinger over 12 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Xavier Perseguers
Category:
Database API (Doctrine DBAL)
Target version:
4.6.1
Start date:
2011-11-15
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

in typo3 v.4.5.7, the file /typo3/sysext/dbal/class.ux_t3lib_db.php contains several lines, in which die-messages disclose the full file-path of the script (via FILE):

1459:
die($this->SQLparser->parse_error . ' in ' . FILE . ' : ' . LINE);

1466:
die('Could not parse where clause in ' . FILE . ' : ' . LINE);

1673:
die($this->SQLparser->parse_error . ' in ' . FILE . ' : ' . LINE);

1783:
die('Could not parse where clause in ' . FILE . ' : ' . LINE);

due to security-reasons, this should be concealed, or only output, if the debug-parameters in typo3conf allow it.

Actions
Copy link
 #1

Updated by Xavier Perseguers over 12 years ago

  • Status changed from New to Accepted

We should even throw exceptions instead. Do you think you can provide a patch?

Actions
Copy link
 #2

Updated by Gerald Buttinger over 12 years ago

Xavier Perseguers wrote:

We should even throw exceptions instead. Do you think you can provide a patch?

wow, fast reaction! :)

i'm sorry, but i don't have much experience with the typo3-source. someone other might be better fitted for that.

Actions
Copy link
 #3

Updated by Xavier Perseguers over 12 years ago

  • Assignee set to Xavier Perseguers
  • Target version set to 4.6.1

OK, will come with something...

Actions
Copy link
 #4

Updated by Marcus Krause over 12 years ago

great to see this issue in public, NOT ;-)

Actions
Copy link
 #5

Updated by Xavier Perseguers over 12 years ago

  • Tracker changed from Bug to Task
Actions
Copy link
 #6

Updated by Mr. Jenkins over 12 years ago

Patch set 1 of change I30f86789c8438acd27c847f3fa9271a3297db5bd has been pushed to the review server.
It is available at http://review.typo3.org/6760

Actions
Copy link
 #7

Updated by Xavier Perseguers over 12 years ago

  • Status changed from Accepted to Under Review
Actions
Copy link
 #8

Updated by Mr. Jenkins over 12 years ago

Patch set 1 of change Ia878e63436b19015b3b6771fe17e6179e9747b69 has been pushed to the review server.
It is available at http://review.typo3.org/6761

Actions
Copy link
 #9

Updated by Mr. Jenkins over 12 years ago

Patch set 1 of change I57dbeeaffb89dd0b8c32455fe3a4b7c1f3749608 has been pushed to the review server.
It is available at http://review.typo3.org/6762

Actions
Copy link
 #10

Updated by Mr. Jenkins over 12 years ago

Patch set 1 of change Ic5840ebf15b591b541ddc29276acf2d1075da8e0 has been pushed to the review server.
It is available at http://review.typo3.org/6763

Actions
Copy link
 #11

Updated by Mr. Jenkins over 12 years ago

Patch set 1 of change Ie766c14c2b9c0b6cf5e08f079c3f839702e4a7b7 has been pushed to the review server.
It is available at http://review.typo3.org/6764

Actions
Copy link
 #12

Updated by Xavier Perseguers over 12 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #13

Updated by Xavier Perseguers about 12 years ago

  • Status changed from Resolved to Closed
Actions
Copy link
 #14

Updated by Michael Stucki over 10 years ago

  • Project changed from 329 to TYPO3 Core
Actions
Copy link
 #15

Updated by Michael Stucki over 10 years ago

  • Category set to 999
Actions
Copy link

Also available in: Atom PDF