#27483 [WFx]: debug_backtrace() file information are realpath()ed

2004-03-03 Thread icemaze at tiscalinet dot it
 ID:   27483
 User updated by:  icemaze at tiscalinet dot it
 Reported By:  icemaze at tiscalinet dot it
 Status:   Wont fix
 Bug Type: Feature/Change Request
 Operating System: Gentoo GNU/Linux
 PHP Version:  4.3.4
 New Comment:

I understand. Thank you for your quick reply! ;)


Previous Comments:


[2004-03-03 14:27:44] [EMAIL PROTECTED]

PHP grabs this information from the compiled script which only knows
about the realpath'ed files so I'm afraid that it won't be possible to
change. Also, debug_backtrace() is just a debug tool and shouldn't
really show its output on production sites, so I kinda fail to see the
usefulness of your proposed change.



Derick

----

[2004-03-03 14:23:11] icemaze at tiscalinet dot it

Description:

When I backtrace my program I usually extract file and line
information to print them on screen. I have my webspace in
/var/www/localhost/htdocs, so I usually get very long filenames. Then
I modified my program to strip $_SERVER['DOCUMENT_ROOT'] from the
path. This is useful because you can add "http://www.domain.com/" and
get the file's URI.

I also created a symbolic link
(/var/www/localhost/htdocs/development => /home/icemaze/development)
to be able to test my subversion tree under Apache.

And here's the problem: debug_backtrace() returns filenames in the
following form: "/home/icemaze/development/index.php" (i.e. as if they
had been realpath()ed). This causes problems since I cannot strip
"DOCUMENT_ROOT" from them. Besides, I don't want to strip an arbitrary
path from them.

It would be nice if you could change the behaviour of
debug_backtrace() so that it returned untranslated paths (you can
always realpath() them manually if you really want to!). Do you think
it's possible without too much trouble for you? Are there reasons for
which things are as they are?

Thank you.

-- 
Edit this bug report at http://bugs.php.net/?id=27483&edit=1


#27483 [NEW]: debug_backtrace() file information are realpath()ed

2004-03-03 Thread icemaze at tiscalinet dot it
From: icemaze at tiscalinet dot it
Operating system: Gentoo GNU/Linux
PHP version:  4.3.4
PHP Bug Type: Feature/Change Request
Bug description:  debug_backtrace() file information are realpath()ed

Description:

When I backtrace my program I usually extract file and line
information to print them on screen. I have my webspace in
/var/www/localhost/htdocs, so I usually get very long filenames. Then
I modified my program to strip $_SERVER['DOCUMENT_ROOT'] from the
path. This is useful because you can add "http://www.domain.com/" and
get the file's URI.

I also created a symbolic link
(/var/www/localhost/htdocs/development => /home/icemaze/development)
to be able to test my subversion tree under Apache.

And here's the problem: debug_backtrace() returns filenames in the
following form: "/home/icemaze/development/index.php" (i.e. as if they
had been realpath()ed). This causes problems since I cannot strip
"DOCUMENT_ROOT" from them. Besides, I don't want to strip an arbitrary
path from them.

It would be nice if you could change the behaviour of
debug_backtrace() so that it returned untranslated paths (you can
always realpath() them manually if you really want to!). Do you think
it's possible without too much trouble for you? Are there reasons for
which things are as they are?

Thank you.


-- 
Edit bug report at http://bugs.php.net/?id=27483&edit=1
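
One way to get document-root-relative names from realpath()ed backtrace entries, given as an added example that is not part of the report or of PHP: resolve each known logical root (the document root and any symlinks under it) and map the longest matching real prefix back. The function name logical_path() and the temporary directory layout are assumptions made for the example.

```php
<?php
// Added example, not code from the report or from PHP itself.
// logical_path() and the directory layout below are constructed for illustration.
function logical_path(string $file, array $logicalRoots): string
{
    $best = null;
    foreach ($logicalRoots as $logical) {
        $real = realpath($logical);
        if ($real === false) {
            continue; // dangling link or missing directory
        }
        $real = rtrim($real, '/') . '/';
        // Match on a directory boundary and keep the longest real prefix.
        if (strncmp($file, $real, strlen($real)) === 0
            && ($best === null || strlen($real) > strlen($best[0]))) {
            $best = [$real, rtrim($logical, '/') . '/'];
        }
    }
    // Outside every known root: return the file name only, so the
    // server's directory layout never reaches the page.
    return $best === null
        ? basename($file)
        : $best[1] . substr($file, strlen($best[0]));
}

// Constructed layout mirroring the report:
//   <tmp>/htdocs/development => <tmp>/home/development
$tmp     = sys_get_temp_dir() . '/bt_demo_' . getmypid();
$docroot = "$tmp/htdocs";
$devReal = "$tmp/home/development";
mkdir($docroot, 0700, true);
mkdir($devReal, 0700, true);
symlink($devReal, "$docroot/development");
touch("$devReal/index.php");

$roots    = [$docroot, "$docroot/development"];
$reported = realpath("$devReal/index.php"); // the form debug_backtrace() reports
$logical  = logical_path($reported, $roots);

// Stripping the document root now works and yields the URI path.
echo substr($logical, strlen($docroot)), "\n";
// A frame outside the roots (constructed path) is reduced to its file name.
echo logical_path('/opt/lib/db_config.inc', $roots), "\n";
```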


#26230 [NEW]: mysql_escape_string() and mysql_real_escape_string() should escape backquotes

2003-11-12 Thread icemaze at tiscalinet dot it
From: icemaze at tiscalinet dot it
Operating system: Linux 2.6
PHP version:  4.3.3
PHP Bug Type: MySQL related
Bug description:  mysql_escape_string() and mysql_real_escape_string() should escape backquotes

Description:

I think mysql_escape_string() and 
mysql_real_escape_string() should escape backquotes to 
avoid potential security problems in case an application 
uses an input field as the name for a table or for a 
field. So... 

Reproduce code:
---
 '$ename'");
@mysql_query("INSERT INTO `$ename` SET `blah`='blah'");
?>

Expected result:

'` SET `protectedfield`=1' => '\` SET \`protectedfield\`=1'

Actual result:
--
'` SET `protectedfield`=1' => '` SET `protectedfield`=1' 
 
This way the query modifies a field which was not supposed 
to be modified. 

-- 
Edit bug report at http://bugs.php.net/?id=26230&edit=1
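
The behaviour reported above, next to identifier handling that closes the gap, as an added example that is not code from the report or from the MySQL extension. escape_string_literal() is a stand-in that escapes the same characters as mysql_real_escape_string(); quote_identifier(), table_from_allowlist() and the table names are hypothetical.

```php
<?php
// Added example. Stand-in for string-literal escaping: handles NUL, \n, \r,
// backslash, both quote characters and Ctrl-Z. Backquotes are left alone,
// because they have no meaning inside a quoted string.
function escape_string_literal(string $s): string
{
    return strtr($s, [
        "\0" => '\\0', "\n" => '\\n', "\r" => '\\r', '\\' => '\\\\',
        "'"  => "\\'", '"'  => '\\"', "\x1a" => '\\Z',
    ]);
}

// MySQL identifier quoting: wrap in backquotes and double any backquote inside.
// Identifiers are limited to 64 characters and may not contain NUL.
function quote_identifier(string $name): string
{
    if ($name === '' || strlen($name) > 64 || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('invalid identifier');
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

// Preferred: only accept table names the application already knows about.
function table_from_allowlist(string $name, array $allowed): string
{
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException('unknown table');
    }
    return quote_identifier($name);
}

$input = '` SET `protectedfield`=1'; // input value taken from the report

// As in the report: string escaping leaves the backquotes untouched.
echo "INSERT INTO `" . escape_string_literal($input) . "` SET `blah`='blah'\n";

// Identifier quoting keeps the whole value inside one identifier.
echo "INSERT INTO " . quote_identifier($input) . " SET `blah`='blah'\n";

// The allowlist (constructed table names) rejects it before any SQL is built.
try {
    table_from_allowlist($input, ['guestbook', 'comments']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```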