From 757017d4efbade5380da762fd38a3ca9e33b9e99 Mon Sep 17 00:00:00 2001 From: laf Date: Sun, 13 Dec 2015 18:31:45 +0000 Subject: [PATCH] For SQL debug, if we see an insert into alert_log with details column then we mask the output --- includes/dbFacile.mysql.php | 7 ++++++- includes/dbFacile.mysqli.php | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/includes/dbFacile.mysql.php b/includes/dbFacile.mysql.php index bdcce1ac1..f2bb56c0b 100644 --- a/includes/dbFacile.mysql.php +++ b/includes/dbFacile.mysql.php @@ -28,7 +28,12 @@ function dbQuery($sql, $parameters=array()) { $fullSql = dbMakeQuery($sql, $parameters); if ($debug) { if (php_sapi_name() == 'cli' && empty($_SERVER['REMOTE_ADDR'])) { - print $console_color->convert("\nSQL[%y".$fullSql.'%n] '); + if (preg_match('/(INSERT INTO `alert_log`).*(details)/i',$fullSql)) { + echo "\nINSERT INTO `alert_log` entry masked due to binary data\n"; + } + else { + print $console_color->convert("\nSQL[%y".$fullSql.'%n] '); + } } else { $sql_debug[] = $fullSql; diff --git a/includes/dbFacile.mysqli.php b/includes/dbFacile.mysqli.php index 9e49491a6..15a48962c 100644 --- a/includes/dbFacile.mysqli.php +++ b/includes/dbFacile.mysqli.php @@ -28,7 +28,12 @@ function dbQuery($sql, $parameters=array()) { $fullSql = dbMakeQuery($sql, $parameters); if ($debug) { if (php_sapi_name() == 'cli' && empty($_SERVER['REMOTE_ADDR'])) { - print $console_color->convert("\nSQL[%y".$fullSql.'%n] '); + if (preg_match('/(INSERT INTO `alert_log`).*(details)/i',$fullSql)) { + echo "\nINSERT INTO `alert_log` entry masked due to binary data\n"; + } + else { + print $console_color->convert("\nSQL[%y".$fullSql.'%n] '); + } } else { $sql_debug[] = $fullSql;