phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0017187phplist applicationOtherpublic11-05-14 20:0916-07-14 17:56
Reporterduncanc 
PrioritynormalSeverityminorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version3.0.6 
Target Version3.0.7Fixed in Version3.0.7 
Summary0017187: SQL is not displayed when an error occurs
DescriptionIn mysqli.inc and mysql.inc the variable $lastquery is not always set. So when an error occurs on a query the sql is not displayed.

In function Sql_Query $lastquery is set only when $developer_email is already set (which is usually not the case). So in function Sql_Error() that variable is undefined.

It would be more useful to always display the sql when an error occurs.
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
related to 0017172resolvedmichiel update mysql.inc to mysqli.inc 

-  Notes
(0053726)
michiel (manager)
15-05-14 15:28


no, for security it is custom to not display SQL errors, to avoid SQL Injection profiling.

So, it should only really display the SQL in developer mode. The undefined variable needs to be caught as well.

(0054067)
duncanc (developer)
28-06-14 14:14

Corrected function name where the undefined variable occurs
(0054068)
duncanc (developer)
28-06-14 14:48

Another small issue in mysqli.inc and mysql.inc with functions dbg() and cl_output().
These are defined in connect.php, so if any database errors happen before connect.php has been included then they will not have been defined.
Looking at index.php languages.php and defaultconfig.php are included before connect.php.
(0054069)
duncanc (developer)
28-06-14 14:48

Need to add file mysqli.inc to the GitHub repository.


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker