Task #31826

closed

"die"-message discloses full script path

Added by Gerald Buttinger over 12 years ago. Updated over 10 years ago.

Status: Closed
Priority: Should have
Category: Database API (Doctrine DBAL)
Start date: 2011-11-15
% Done: 100%

Description

In TYPO3 v.4.5.7, the file /typo3/sysext/dbal/class.ux_t3lib_db.php contains several lines in which die-messages disclose the full file path of the script (via __FILE__):

1459:
die($this->SQLparser->parse_error . ' in ' . __FILE__ . ' : ' . __LINE__);

1466:
die('Could not parse where clause in ' . __FILE__ . ' : ' . __LINE__);

1673:
die($this->SQLparser->parse_error . ' in ' . __FILE__ . ' : ' . __LINE__);

1783:
die('Could not parse where clause in ' . __FILE__ . ' : ' . __LINE__);

For security reasons, this should be concealed, or only output if the debug parameters in typo3conf allow it.
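
One way to do what the report asks, shown as an added example that is not TYPO3's code and not the change made for this task: the path and line number always go to the server log, and the client sees them only when debugging is on. The helper name sqlParseFailureMessage() and the $debugEnabled flag are assumptions; the flag stands in for whatever debug setting the installation reads from typo3conf.

```php
<?php
// Added example: hypothetical helper, not part of TYPO3 or the DBAL extension.

/**
 * Log the full error (including script path and line) server-side and
 * return the text that is safe to send to the client.
 *
 * @param string  $detail        parser error text
 * @param string  $file          normally __FILE__ at the call site
 * @param integer $line          normally __LINE__ at the call site
 * @param boolean $debugEnabled  assumption: derived from the site's debug configuration
 * @return string
 */
function sqlParseFailureMessage($detail, $file, $line, $debugEnabled)
{
    // Reference id lets an administrator match a user report to the log entry.
    $ref = uniqid('sqlparse-');
    $full = $detail . ' in ' . $file . ' : ' . $line;

    // The path and line number are always written to the server log.
    error_log('[' . $ref . '] ' . $full);

    if ($debugEnabled) {
        // Same text the original die() calls produced.
        return $full;
    }
    // Production: no path, no line number, no parser internals.
    return 'Database query could not be processed (reference ' . $ref . ').';
}

// Before (pattern from the report): the path reaches every visitor.
//   die('Could not parse where clause in ' . __FILE__ . ' : ' . __LINE__);

// After: call sites pass the same information, the helper decides what is shown.
$detail = 'Could not parse where clause';   // constructed sample input

$shown = sqlParseFailureMessage($detail, __FILE__, __LINE__, false);
echo "debug off: " . $shown . "\n";
// The production message must not contain the script path.
if (strpos($shown, __FILE__) !== false) {
    echo "FAIL: path leaked\n";
}

$shown = sqlParseFailureMessage($detail, __FILE__, __LINE__, true);
echo "debug on:  " . $shown . "\n";

// At the real call sites the returned string would be passed to die().
```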
