From 60f8c395f24ba6db80d510892bcc53ce5bf9f4eb Mon Sep 17 00:00:00 2001
From: Pascal Kriete
Date: Wed, 25 Aug 2010 18:03:28 +0200
Subject: Modified the database driver's display_error() method to show the filename and line number of the failed query.
---
 system/database/DB_driver.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
(limited to 'system')
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index dfef42757..8e6f88801 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1169,6 +1169,24 @@ class CI_DB_driver {
 $message = ( ! is_array($error)) ? array(str_replace('%s', $swap, $LANG->line($error))) : $error;
 }
+ // Find the most likely culprit of the error by going through
+ // the backtrace until the source file is no longer in the
+ // database folder.
+
+ $trace = debug_backtrace();
+
+ foreach($trace as $call)
+ {
+ if (isset($call['file']) && strpos($call['file'], BASEPATH.'database') === FALSE)
+ {
+ // Found it - use a relative path for safety
+ $message[] = 'Filename: '.str_replace(array(BASEPATH, APPPATH), '', $call['file']);
+ $message[] = 'Line Number: '.$call['line'];
+
+ break;
+ }
+ }
+
 $error =& load_class('Exceptions', 'core');
 echo $error->show_error($heading, $message, 'error_db');
 exit;
--
cgit v1.2.3-24-g4f1b
From 5485db50775d4e2f76a593ef8b3425f6a1b90666 Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Mon, 30 Aug 2010 21:31:08 -0500
Subject: Added fatal error to Session class when no encryption key is set in the config file, for additional assurance that session manipulation can be prevented
---
 system/libraries/Session.php | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'system')
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index cf6dc96e3..f413c0d1b 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
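Review bot: In the DB_driver.php hunk, the "relative path for safety" on the `$message[] = 'Filename: '...` line only holds when `$call['file']` literally begins with `BASEPATH` or `APPPATH`. If `debug_backtrace()` reports backslash-separated paths while those constants use forward slashes (their definitions are not in this hunk, so this is an assumption), `str_replace()` strips nothing and the absolute server path is echoed in the error page. The `strpos()` test against `BASEPATH.'database'` then also stops distinguishing driver frames from the caller. Normalising once before both uses keeps the checks meaningful: `$file = str_replace('\\', '/', $call['file']);`, then use `$file` in the `strpos()` and `str_replace()` calls. A comment stating that file and line output is intended for debug mode only would also help, since whether `display_error()` can run with debugging off is not visible here; the method body starts and ends outside the hunk.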
@@ -65,6 +65,11 @@ class CI_Session {
 $this->$key = (isset($params[$key])) ? $params[$key] : $this->CI->config->item($key);
 }
+ if ($this->encryption_key == '')
+ {
+ show_error('In order to use the Session class you are required to set an encryption key in your config file.');
+ }
+
 // Load the string helper so we can use the strip_slashes() function
 $this->CI->load->helper('string');
--
cgit v1.2.3-24-g4f1b
From 7284f06585a689702ea86684893c999065621460 Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Tue, 31 Aug 2010 00:30:21 -0500
Subject: changed key comparison to be loosely typed, so an error would be triggered when an empty string is attempted to be used as an encryption key
---
 system/libraries/Encrypt.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'system')
diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php
index c893fbf9e..44fdce03b 100644
--- a/system/libraries/Encrypt.php
+++ b/system/libraries/Encrypt.php
@@ -72,7 +72,7 @@ class CI_Encrypt {
 $CI =& get_instance();
 $key = $CI->config->item('encryption_key');
- if ($key === FALSE)
+ if ($key == FALSE)
 {
 show_error('In order to use the encryption class requires that you set an encryption key in your config file.');
 }
--
cgit v1.2.3-24-g4f1b
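Review bot: The new guard `if ($this->encryption_key == '')` in `CI_Session` rejects only an unset or empty key, so a whitespace-only or one-character value still passes, even though the commit relies on the key to prevent session manipulation. Trimming and comparing strictly, `if (trim((string) $this->encryption_key) === '')`, closes the whitespace case; a minimum key length is a project decision and would belong in the same check. A short comment such as `// Fatal on purpose: without a key the session data cannot be protected against tampering` would record why this is an error and not a warning. The enclosing function starts and ends outside the hunk, and the loop that assigns `encryption_key` is only partly visible.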
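Review bot: `if ($key == FALSE)` in `CI_Encrypt` leans on PHP type juggling, so what counts as "no key" is implicit: `''`, `'0'`, `0`, `NULL` and an empty array are all rejected, while a string of spaces is accepted. It also differs from the Session check added in the previous commit (`== ''`), under which `'0'` passes, so the two libraries disagree about the same `encryption_key` config item. Spelling the rule out, for example `if ($key === FALSE OR trim((string) $key) === '')`, makes the intent readable and lets both classes apply the same test. The enclosing method starts and ends outside the hunk.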