From c94f2892913e36f86d76b8c7ab5ac10eeee833e2 Mon Sep 17 00:00:00 2001 From: Shish Date: Mon, 11 Nov 2019 16:43:04 +0000 Subject: [PATCH] html_escape all exception messages - pass query out-of-band if we want it formatted --- core/database.php | 28 ++++++++++------------------ core/exceptions.php | 5 +++++ core/userclass.php | 2 +- core/util.php | 5 ++++- 4 files changed, 20 insertions(+), 20 deletions(-) diff --git a/core/database.php b/core/database.php index 535548a7..3576d3a7 100644 --- a/core/database.php +++ b/core/database.php @@ -17,7 +17,7 @@ class Database * @var null|PDO */ private $db = null; - + /** * @var float */ @@ -103,29 +103,21 @@ class Database public function commit(): bool { - if (!is_null($this->db)) { - if ($this->transaction === true) { - $this->transaction = false; - return $this->db->commit(); - } else { - throw new SCoreException("

Database Transaction Error: Unable to call commit() as there is no transaction currently open."); - } + if (!is_null($this->db) && $this->transaction === true) { + $this->transaction = false; + return $this->db->commit(); } else { - throw new SCoreException("

Database Transaction Error: Unable to call commit() as there is no connection currently open."); + throw new SCoreException("Unable to call commit() as there is no transaction currently open."); } } public function rollback(): bool { - if (!is_null($this->db)) { - if ($this->transaction === true) { - $this->transaction = false; - return $this->db->rollback(); - } else { - throw new SCoreException("

Database Transaction Error: Unable to call rollback() as there is no transaction currently open."); - } + if (!is_null($this->db) && $this->transaction === true) { + $this->transaction = false; + return $this->db->rollback(); } else { - throw new SCoreException("

Database Transaction Error: Unable to call rollback() as there is no connection currently open."); + throw new SCoreException("Unable to call rollback() as there is no transaction currently open."); } } @@ -213,7 +205,7 @@ class Database } return $stmt; } catch (PDOException $pdoe) { - throw new SCoreException($pdoe->getMessage()."
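Review bot: The merged guard in commit() and rollback() now throws the single "no transaction currently open" message when `$this->db` is null, so a missing connection is reported as a missing transaction; the two removed messages kept these cases apart, which matters when diagnosing a failure during connection setup. Keeping the distinction costs one guard ahead of the transaction check, e.g. `if (is_null($this->db)) { throw new SCoreException("Unable to call commit() as there is no connection currently open."); }` with the matching line in rollback(). Separately, `$this->transaction = false` runs before `$this->db->commit()`, so if the driver throws the flag already claims no transaction is open — pre-existing, but worth a one-line comment such as `// flag is cleared first so a failed commit cannot be retried as a second commit`. The enclosing class Database continues outside this hunk.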

Query: ".$query); + throw new SCoreException($pdoe->getMessage(), $query); } } diff --git a/core/exceptions.php b/core/exceptions.php index 736b029e..aab73f32 100644 --- a/core/exceptions.php +++ b/core/exceptions.php @@ -7,6 +7,11 @@ */ class SCoreException extends Exception { + public function __construct(string $msg, ?string $query=null) + { + parent::__construct($msg); + $this->query = $query; + } } /** diff --git a/core/userclass.php b/core/userclass.php index f474d154..233f9e5a 100644 --- a/core/userclass.php +++ b/core/userclass.php @@ -63,7 +63,7 @@ class UserClass $min_ability = $a; } } - throw new SCoreException("Unknown ability '".html_escape($ability)."'. Did the developer mean '".html_escape($min_ability)."'?"); + throw new SCoreException("Unknown ability '$ability'. Did the developer mean '$min_ability'?"); } } } diff --git a/core/util.php b/core/util.php index 4754a96d..3b19218c 100644 --- a/core/util.php +++ b/core/util.php @@ -522,6 +522,8 @@ function _fatal_error(Exception $e): void //$hash = exec("git rev-parse HEAD"); //$h_hash = $hash ? "
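Review bot: The new throw keeps only `$pdoe->getMessage()` and discards the PDOException object, so the driver error code and the original stack trace are lost and `getPrevious()` on the resulting SCoreException returns null. Since this commit already introduces a custom SCoreException constructor, forwarding the original exception is the natural fix: `throw new SCoreException($pdoe->getMessage(), $query, $pdoe);` once the constructor accepts a `?Throwable $previous` argument and passes it to `parent::__construct($msg, 0, $previous)`. The exception was not chained before this change either, so this is a pre-existing gap rather than a regression. The try/catch and the enclosing method begin before this hunk.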
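Review bot: `$this->query = $query;` in the new SCoreException constructor assigns a property the class never declares, so it is created as a dynamic property — deprecated since PHP 8.2 and invisible to static analysis and IDEs. Declare it on the class above the constructor: `public ?string $query = null;`. The constructor also drops the `$code` and `$previous` parameters that `Exception::__construct` accepts, which makes exception chaining impossible for every SCoreException; consider adding `?Throwable $previous = null` and calling `parent::__construct($msg, 0, $previous)`.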
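Review bot: Dropping html_escape() from this message changes the contract of SCoreException messages from pre-escaped HTML to plain text, so every site that echoes `getMessage()` into a page is now responsible for escaping; `_fatal_error` in this commit does so, but any other catch site that renders the message raw (not visible in this diff) would become an HTML-injection point for a crafted `$ability` value. Making the rule explicit on the class would help future callers: `/** Messages are plain text; anything rendering them into HTML must html_escape() them. */` on SCoreException. The enclosing method continues beyond this hunk.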

Hash: $hash" : ""; //'.$h_hash.' + + $q = (!isset($e->query) || is_null($e->query)) ? "" : "

Query: " . html_escape($e->query); header("HTTP/1.0 500 Internal Error"); echo ' @@ -531,7 +533,8 @@ function _fatal_error(Exception $e): void
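Review bot: The new `$q` assignment unconditionally renders the failing SQL statement into the 500 page, so any client able to trigger a database error is shown the query text next to the PDO driver message — an information leak of table and column names and query shape unless `_fatal_error` is already restricted to a debug mode, which this hunk does not show. Consider emitting the query only under a debug setting and otherwise writing it to the error log, e.g. `$q = ($show_debug && isset($e->query)) ? "…" . html_escape($e->query) : "";` with the existing string literal kept as is — confirm which config flag the project uses for this. Separately, `!isset($e->query) || is_null($e->query)` is redundant because isset() already returns false for null, so `isset($e->query)` alone is equivalent. `_fatal_error` starts before this hunk.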

Internal Error

-

Message: '.$message.' +

Message: '.html_escape($message).' + '.$q.'

Version: '.$version.' (on '.phpversion().')