replace passwords even before logging, not just for display
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
@@ -312,6 +312,32 @@ class Database {
|
|||||||
private static function _showerror($error, $showerror = true) {
|
private static function _showerror($error, $showerror = true) {
|
||||||
global $userinfo, $theme, $linker;
|
global $userinfo, $theme, $linker;
|
||||||
|
|
||||||
|
// include userdata.inc.php
|
||||||
|
require FROXLOR_INSTALL_DIR."/lib/userdata.inc.php";
|
||||||
|
|
||||||
|
// le format
|
||||||
|
if (isset($sql['root_user'])
|
||||||
|
&& isset($sql['root_password'])
|
||||||
|
&& (!isset($sql_root) || !is_array($sql_root))
|
||||||
|
) {
|
||||||
|
$sql_root = array(0 => array('caption' => 'Default', 'host' => $sql['host'], 'socket' => (isset($sql['socket']) ? $sql['socket'] : null), 'user' => $sql['root_user'], 'password' => $sql['root_password']));
|
||||||
|
}
|
||||||
|
|
||||||
|
// hide username/password in messages
|
||||||
|
$error_message = $error->getMessage();
|
||||||
|
$error_trace = $error->getTraceAsString();
|
||||||
|
// error-message
|
||||||
|
$error_message = str_replace($sql['password'], 'DB_UNPRIV_PWD', $error_message);
|
||||||
|
$error_message = str_replace($sql_root[0]['password'], 'DB_ROOT_PWD', $error_message);
|
||||||
|
// error-trace
|
||||||
|
$error_trace = str_replace($sql['password'], 'DB_UNPRIV_PWD', $error_trace);
|
||||||
|
$error_trace = str_replace($sql_root[0]['password'], 'DB_ROOT_PWD', $error_trace);
|
||||||
|
|
||||||
|
if ($error->getCode() == 2003) {
|
||||||
|
$error_message = "Unable to connect to database. Either the mysql-server is not running or your user/password is wrong.";
|
||||||
|
$error_trace = "";
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* log to a file, so we can actually ask people for the error
|
* log to a file, so we can actually ask people for the error
|
||||||
* (no one seems to find the stuff in the syslog)
|
* (no one seems to find the stuff in the syslog)
|
||||||
@@ -322,8 +348,8 @@ class Database {
|
|||||||
}
|
}
|
||||||
$sl_file = makeCorrectFile($sl_dir."/sql-error.log");
|
$sl_file = makeCorrectFile($sl_dir."/sql-error.log");
|
||||||
$sqllog = @fopen($sl_file, 'a');
|
$sqllog = @fopen($sl_file, 'a');
|
||||||
@fwrite($sqllog, date('d.m.Y H:i', time())." --- ".str_replace("\n", " ", $error->getMessage())."\n");
|
@fwrite($sqllog, date('d.m.Y H:i', time())." --- ".str_replace("\n", " ", $error_message)."\n");
|
||||||
@fwrite($sqllog, date('d.m.Y H:i', time())." --- DEBUG: \n".$error->getTraceAsString()."\n");
|
@fwrite($sqllog, date('d.m.Y H:i', time())." --- DEBUG: \n".$error_trace."\n");
|
||||||
@fclose($sqllog);
|
@fclose($sqllog);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -333,43 +359,17 @@ class Database {
|
|||||||
$err_file = makeCorrectFile($sl_dir."/".$errid."_sql-error.log");
|
$err_file = makeCorrectFile($sl_dir."/".$errid."_sql-error.log");
|
||||||
$errlog = @fopen($err_file, 'w');
|
$errlog = @fopen($err_file, 'w');
|
||||||
@fwrite($errlog, "|CODE ".$error->getCode()."\n");
|
@fwrite($errlog, "|CODE ".$error->getCode()."\n");
|
||||||
@fwrite($errlog, "|MSG ".$error->getMessage()."\n");
|
@fwrite($errlog, "|MSG ".$error_message."\n");
|
||||||
@fwrite($errlog, "|FILE ".$error->getFile()."\n");
|
@fwrite($errlog, "|FILE ".$error->getFile()."\n");
|
||||||
@fwrite($errlog, "|LINE ".$error->getLine()."\n");
|
@fwrite($errlog, "|LINE ".$error->getLine()."\n");
|
||||||
@fwrite($errlog, "|TRACE\n".$error->getTraceAsString()."\n");
|
@fwrite($errlog, "|TRACE\n".$error_trace."\n");
|
||||||
@fclose($errlog);
|
@fclose($errlog);
|
||||||
|
|
||||||
if ($showerror) {
|
if ($showerror) {
|
||||||
|
|
||||||
// include userdata.inc.php
|
|
||||||
require FROXLOR_INSTALL_DIR."/lib/userdata.inc.php";
|
|
||||||
|
|
||||||
// fallback
|
// fallback
|
||||||
$theme = 'Sparkle';
|
$theme = 'Sparkle';
|
||||||
|
|
||||||
// le format
|
|
||||||
if (isset($sql['root_user'])
|
|
||||||
&& isset($sql['root_password'])
|
|
||||||
&& (!isset($sql_root) || !is_array($sql_root))
|
|
||||||
) {
|
|
||||||
$sql_root = array(0 => array('caption' => 'Default', 'host' => $sql['host'], 'socket' => (isset($sql['socket']) ? $sql['socket'] : null), 'user' => $sql['root_user'], 'password' => $sql['root_password']));
|
|
||||||
}
|
|
||||||
|
|
||||||
// hide username/password in messages
|
|
||||||
$error_message = $error->getMessage();
|
|
||||||
$error_trace = $error->getTraceAsString();
|
|
||||||
// error-message
|
|
||||||
$error_message = str_replace($sql['password'], 'DB_UNPRIV_PWD', $error_message);
|
|
||||||
$error_message = str_replace($sql_root[0]['password'], 'DB_ROOT_PWD', $error_message);
|
|
||||||
// error-trace
|
|
||||||
$error_trace = str_replace($sql['password'], 'DB_UNPRIV_PWD', $error_trace);
|
|
||||||
$error_trace = str_replace($sql_root[0]['password'], 'DB_ROOT_PWD', $error_trace);
|
|
||||||
|
|
||||||
if ($error->getCode() == 2003) {
|
|
||||||
$error_message = "Unable to connect to database. Either the mysql-server is not running or your user/password is wrong.";
|
|
||||||
$error_trace = "";
|
|
||||||
}
|
|
||||||
|
|
||||||
// clean up sensitive data
|
// clean up sensitive data
|
||||||
unset($sql);
|
unset($sql);
|
||||||
unset($sql_root);
|
unset($sql_root);
|
||||||
|
|||||||
Reference in New Issue
Block a user