Sanitize user input
parent
08132587d1
commit
80aa44565b
|
@ -299,7 +299,7 @@ class OC_DB {
|
||||||
// Die if we have an error (error means: bad query, not 0 results!)
|
// Die if we have an error (error means: bad query, not 0 results!)
|
||||||
if( PEAR::isError($result)) {
|
if( PEAR::isError($result)) {
|
||||||
$entry = 'DB Error: "'.$result->getMessage().'"<br />';
|
$entry = 'DB Error: "'.$result->getMessage().'"<br />';
|
||||||
$entry .= 'Offending command was: '.$query.'<br />';
|
$entry .= 'Offending command was: '.htmlentities($query).'<br />';
|
||||||
OC_Log::write('core', $entry,OC_Log::FATAL);
|
OC_Log::write('core', $entry,OC_Log::FATAL);
|
||||||
error_log('DB error: '.$entry);
|
error_log('DB error: '.$entry);
|
||||||
die( $entry );
|
die( $entry );
|
||||||
|
@ -309,7 +309,7 @@ class OC_DB {
|
||||||
$result=self::$connection->prepare($query);
|
$result=self::$connection->prepare($query);
|
||||||
}catch(PDOException $e) {
|
}catch(PDOException $e) {
|
||||||
$entry = 'DB Error: "'.$e->getMessage().'"<br />';
|
$entry = 'DB Error: "'.$e->getMessage().'"<br />';
|
||||||
$entry .= 'Offending command was: '.$query.'<br />';
|
$entry .= 'Offending command was: '.htmlentities($query).'<br />';
|
||||||
OC_Log::write('core', $entry,OC_Log::FATAL);
|
OC_Log::write('core', $entry,OC_Log::FATAL);
|
||||||
error_log('DB error: '.$entry);
|
error_log('DB error: '.$entry);
|
||||||
die( $entry );
|
die( $entry );
|
||||||
|
|
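Review bot: The driver message is still concatenated unescaped into `$entry` on the `'DB Error: "'.$result->getMessage().'"<br />'` line (and on the `$e->getMessage()` line in the PDO hunk), and `die( $entry )` sends it to the client; database error messages often quote part of the failing statement, so the markup this commit escapes in `$query` can presumably still reach the page through that path. Escape it the same way, e.g. `$entry = 'DB Error: "'.htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8').'"<br />';`, passing flags and charset explicitly because the defaults of `htmlentities()` vary across PHP versions. The same HTML-encoded `$entry` also goes to `OC_Log::write` and `error_log`, so it would be cleaner to log the raw text and encode only the string handed to `die()`. The enclosing method starts and ends outside both hunks.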