From 60f8c395f24ba6db80d510892bcc53ce5bf9f4eb Mon Sep 17 00:00:00 2001
From: Pascal Kriete
Date: Wed, 25 Aug 2010 18:03:28 +0200
Subject: Modified the database driver's display_error() method to show the
filename and line number of the failed query.
---
system/database/DB_driver.php | 18 ++++++++++++++++++
user_guide/changelog.html | 1 +
2 files changed, 19 insertions(+)
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index dfef42757..8e6f88801 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1169,6 +1169,24 @@ class CI_DB_driver {
$message = ( ! is_array($error)) ? array(str_replace('%s', $swap, $LANG->line($error))) : $error;
}
+ // Find the most likely culprit of the error by going through
+ // the backtrace until the source file is no longer in the
+ // database folder.
+
+ $trace = debug_backtrace();
+
+ foreach($trace as $call)
+ {
+ if (isset($call['file']) && strpos($call['file'], BASEPATH.'database') === FALSE)
+ {
+ // Found it - use a relative path for safety
+ $message[] = 'Filename: '.str_replace(array(BASEPATH, APPPATH), '', $call['file']);
+ $message[] = 'Line Number: '.$call['line'];
+
+ break;
+ }
+ }
+
$error =& load_class('Exceptions', 'core');
echo $error->show_error($heading, $message, 'error_db');
exit;
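Review bot: The path on the added `Filename:` line is made relative only when `$call['file']` contains the exact BASEPATH or APPPATH string, so a caller outside both trees, or a path whose separators differ from those constants (backslashes on Windows, if the constants use forward slashes; their definitions are not visible here), is printed on the error page as a full server path. The same mismatch would let the `strpos()` test against `BASEPATH.'database'` succeed on the first frame, so the page would name a file inside the database folder rather than the caller. Normalising first with `$file = str_replace('\\', '/', $call['file']);` and using `$file` in both the `strpos()` and the `str_replace()` would avoid both problems, and falling back to `basename($file)` when no prefix was stripped keeps absolute paths off the page. The enclosing method starts and ends outside the hunk.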
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 48d4309a5..38f84112d 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -110,6 +110,7 @@ Hg Tag:
Semantic change to db->version() function to allow a list of exceptions for databases with functions to return version string instead of specially formed SQL queries. Currently this list only includes Oracle and SQLite.
Fixed a bug where driver specific table identifier protection could lead to malformed queries in the field_data() functions.
Fixed a bug where an undefined class variable was referenced in database drivers.
+ Modified the database errors to show the filename and line number of the problematic query.
Removed the following deprecated functions: orwhere, orlike, groupby, orhaving, orderby, getwhere.
Removed deprecated _drop_database() and _create_database() functions from the db utility drivers.
--
cgit v1.2.3-24-g4f1b
From 5485db50775d4e2f76a593ef8b3425f6a1b90666 Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Mon, 30 Aug 2010 21:31:08 -0500
Subject: Added fatal error to Session class when no encryption key is set in
the config file, for additional assurance that session manipulation can be
prevented
---
application/config/config.php | 4 ++--
system/libraries/Session.php | 5 +++++
user_guide/libraries/sessions.html | 3 +++
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/application/config/config.php b/application/config/config.php
index 6e52bcc17..c5eae8f5b 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -213,8 +213,8 @@ $config['cache_path'] = '';
| Encryption Key
|--------------------------------------------------------------------------
|
-| If you use the Encryption class or the Sessions class with encryption
-| enabled you MUST set an encryption key. See the user guide for info.
+| If you use the Encryption class or the Session class you
+| MUST set an encryption key. See the user guide for info.
|
*/
$config['encryption_key'] = "";
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index cf6dc96e3..f413c0d1b 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -65,6 +65,11 @@ class CI_Session {
$this->$key = (isset($params[$key])) ? $params[$key] : $this->CI->config->item($key);
}
+ if ($this->encryption_key == '')
+ {
+ show_error('In order to use the Session class you are required to set an encryption key in your config file.');
+ }
+
// Load the string helper so we can use the strip_slashes() function
$this->CI->load->helper('string');
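Review bot: The added `if ($this->encryption_key == '')` guard has no comment explaining why a key is mandatory even when cookie encryption is off, and the loose `==` is easy to mistake for an oversight. A comment such as `// Required even without cookie encryption: the key aids in preventing session data manipulation; == '' also catches an unset value` would record the intent. A whitespace-only key still passes this check, and `if (trim($this->encryption_key) == '')` would close that gap. The enclosing method starts and ends outside the hunk.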
diff --git a/user_guide/libraries/sessions.html b/user_guide/libraries/sessions.html
index 9a2ca939c..7dc386fd4 100644
--- a/user_guide/libraries/sessions.html
+++ b/user_guide/libraries/sessions.html
@@ -68,6 +68,9 @@ use the database option you'll need to create the session table as indicated bel
Note: The Session class does not utilize native PHP sessions. It
generates its own session data, offering more flexibility for developers.
+Note: Even if you are not using encrypted sessions, you must set
+an encryption key in your config file which is used to aid in preventing session data manipulation.
+
Initializing a Session
Sessions will typically run globally with each page load, so the session class must either be
--
cgit v1.2.3-24-g4f1b
From 52ace4322b6ff02b8d0212197355ac9ee25e63f2 Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Mon, 30 Aug 2010 21:33:38 -0500
Subject: added link for encryption key in Session class to the explanation in
the Encryption lib
---
user_guide/libraries/sessions.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/user_guide/libraries/sessions.html b/user_guide/libraries/sessions.html
index 7dc386fd4..a8e3b3496 100644
--- a/user_guide/libraries/sessions.html
+++ b/user_guide/libraries/sessions.html
@@ -69,7 +69,7 @@ use the database option you'll need to create the session table as indicated bel
generates its own session data, offering more flexibility for developers.
Note: Even if you are not using encrypted sessions, you must set
-an encryption key in your config file which is used to aid in preventing session data manipulation.
+an encryption key in your config file which is used to aid in preventing session data manipulation.
Initializing a Session
--
cgit v1.2.3-24-g4f1b
From ac01acc5d786226f6372c2dc2bab81c7d8f3bd06 Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Mon, 30 Aug 2010 21:45:06 -0500
Subject: changelog note for Session class change in rev f2660eeaab8d
---
user_guide/changelog.html | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 38f84112d..18e4df7ad 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -98,7 +98,8 @@ Hg Tag:
Changed do_xss_clean() to return FALSE if the uploaded file fails XSS checks.
Added stripslashes() and trim()ing of double quotes from $_FILES type value to standardize input in Upload library.
Added a second parameter (boolean) to $this->zip->read_dir('/path/to/directory', FALSE) to remove the preceding trail of empty folders when creating a Zip archive. This example would contain a zip with "directory" and all of its contents.
- Added ability in the Image Library to handle PNG transparency for resize operations when using the GD lib.
+ Added ability in the Image Library to handle PNG transparency for resize operations when using the GD lib.
+ Modified the Session class to prevent use if no encryption key is set in the config file.
Database
--
cgit v1.2.3-24-g4f1b
From 7284f06585a689702ea86684893c999065621460 Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Tue, 31 Aug 2010 00:30:21 -0500
Subject: changed key comparison to be loosely typed, so an error would be
triggered when an empty string is attempted to be used as an encryption key
---
system/libraries/Encrypt.php | 2 +-
user_guide/changelog.html | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php
index c893fbf9e..44fdce03b 100644
--- a/system/libraries/Encrypt.php
+++ b/system/libraries/Encrypt.php
@@ -72,7 +72,7 @@ class CI_Encrypt {
$CI =& get_instance();
$key = $CI->config->item('encryption_key');
- if ($key === FALSE)
+ if ($key == FALSE)
{
show_error('In order to use the encryption class requires that you set an encryption key in your config file.');
}
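Review bot: The loose `if ($key == FALSE)` is deliberate, but nothing on the line says so, and a later strictness cleanup could restore `===` and silently accept an empty key again. A comment like `// Loose comparison on purpose: '' (the shipped config default) must be rejected as well as FALSE` would protect it. The loose form also rejects the string `'0'`, which seems acceptable for a key. The Session class guard added earlier in this series tests `== ''`, and using the same form in both places would read more consistently. The enclosing method starts and ends outside the hunk.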
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 18e4df7ad..d9c17ab76 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -177,6 +177,7 @@ Hg Tag:
Fixed a bug where extending the Controller class would result in a fatal PHP error.
Fixed a PHP Strict Standards Error in the index.php file.
Fixed a bug where getimagesize() was being needlessly checked on non-image files in is_allowed_type().
+ Fixed a bug in the Encryption library where an empty key was not triggering an error.
Version 1.7.2
--
cgit v1.2.3-24-g4f1b