includes/dbal.php
changeset 681 424ea7aac0ca
parent 636 c9ea830a211f
child 685 17ebe24cdf85
680:4cc27e7abd60 681:424ea7aac0ca
   265     if ( $log_query || defined('ENANO_DEBUG') )
   265     if ( $log_query || defined('ENANO_DEBUG') )
   266     {
   266     {
   267       if ( !$this->check_query($q) )
   267       if ( !$this->check_query($q) )
   268       {
   268       {
   269         $this->report_query($q);
   269         $this->report_query($q);
   270         grinding_halt('SQL Injection attempt', '<p>Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.</p><p>Query was:</p><pre>'.htmlspecialchars($q).'</pre>');
   270         $debug = ( defined('ENANO_DEBUG') ) ? '<p>Query was:</p><pre>'.htmlspecialchars($q).'</pre>' : '';
       
   271         grinding_halt('SQL Injection attempt', '<p>Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.</p>' . $debug);
   271       }
   272       }
   272     }
   273     }
   273     
   274     
   274     $r = mysql_query($q, $this->_conn);
   275     $r = mysql_query($q, $this->_conn);
   275     
   276     
   298     }
   299     }
   299     // Does this query look malicious?
   300     // Does this query look malicious?
   300     if ( !$this->check_query($q) )
   301     if ( !$this->check_query($q) )
   301     {
   302     {
   302       $this->report_query($q);
   303       $this->report_query($q);
   303       grinding_halt('SQL Injection attempt', '<p>Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.</p><p>Query was:</p><pre>'.htmlspecialchars($q).'</pre>');
   304       $debug = ( defined('ENANO_DEBUG') ) ? '<p>Query was:</p><pre>'.htmlspecialchars($q).'</pre>' : '';
       
   305       grinding_halt('SQL Injection attempt', '<p>Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.</p>' . $debug);
   304     }
   306     }
   305     
   307     
   306     $time_start = microtime_float();
   308     $time_start = microtime_float();
   307     $r = mysql_unbuffered_query($q, $this->_conn);
   309     $r = @mysql_unbuffered_query($q, $this->_conn);
   308     $this->query_times[$q] = microtime_float() - $time_start;
   310     $this->query_times[$q] = microtime_float() - $time_start;
   309     $this->latest_result = $r;
   311     $this->latest_result = $r;
   310     $this->disable_errorhandler();
   312     $this->disable_errorhandler();
   311     return $r;
   313     return $r;
   312   }
   314   }
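Review bot: The `@` added to `mysql_unbuffered_query()` at new line 309 suppresses the driver warning while `$r` is still returned unchecked, so a failed query goes unnoticed unless every caller tests for `false`; the buffered call at new line 275 has no `@`, so the two paths now report errors differently. If the aim is to keep raw SQL errors off the rendered page, in line with hiding the query text outside `ENANO_DEBUG`, record the failure before returning, e.g. `if ( $r === false ) error_log('unbuffered query failed: ' . mysql_error($this->_conn));`. Separately, the buffered path only calls `check_query()` when `$log_query || defined('ENANO_DEBUG')` (new line 265), while the unbuffered path always checks (new line 301); whether that gate is intended cannot be told from the visible lines and deserves a comment either way. Both function bodies start outside the lines shown here.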