#27483 [WFx]: debug_backtrace() file information are realpath()ed
ID: 27483
User updated by: icemaze at tiscalinet dot it
Reported By: icemaze at tiscalinet dot it
Status: Wont fix
Bug Type: Feature/Change Request
Operating System: Gentoo GNU/Linux
PHP Version: 4.3.4

New Comment:

I understand. Thank you for your quick reply! ;)

Previous Comments:

[2004-03-03 14:27:44] [EMAIL PROTECTED]

PHP grabs this information from the compiled script which only knows about the realpath'ed files so I'm afraid that it won't be possible to change. Also, debug_backtrace() is just a debug tool and shouldn't really show its output on production sites, so I kinda fail to see the usefulness of your proposed change.

Derick

----

[2004-03-03 14:23:11] icemaze at tiscalinet dot it

Description:

When I backtrace my program I usually extract file and line information to print them on screen. I have my webspace in /var/www/localhost/htdocs, so I usually get very long filenames. Then I modified my program to strip $_SERVER['DOCUMENT_ROOT'] from the path. This is useful because you can add "http://www.domain.com/" and get the file's URI.

I also created a symbolic link (/var/www/localhost/htdocs/development => /home/icemaze/development) to be able to test my subversion tree under Apache.

And here's the problem: debug_backtrace() returns filenames in the following form: "/home/icemaze/development/index.php" (i.e. as if they had been realpath()ed). This causes problems since I cannot strip "DOCUMENT_ROOT" from them. Besides, I don't want to strip an arbitrary path from them.

It would be nice if you could change the behaviour of debug_backtrace() so that it returned untranslated paths (you can always realpath() them manually if you really want to!). Do you think it's possible without too much trouble for you? Are there reasons for which things are as they are?

Thank you.
#27483 [NEW]: debug_backtrace() file information are realpath()ed
From: icemaze at tiscalinet dot it
Operating system: Gentoo GNU/Linux
PHP version: 4.3.4
PHP Bug Type: Feature/Change Request
Bug description: debug_backtrace() file information are realpath()ed

Description:

When I backtrace my program I usually extract file and line information to print them on screen. I have my webspace in /var/www/localhost/htdocs, so I usually get very long filenames. Then I modified my program to strip $_SERVER['DOCUMENT_ROOT'] from the path. This is useful because you can add "http://www.domain.com/" and get the file's URI.

I also created a symbolic link (/var/www/localhost/htdocs/development => /home/icemaze/development) to be able to test my subversion tree under Apache.

And here's the problem: debug_backtrace() returns filenames in the following form: "/home/icemaze/development/index.php" (i.e. as if they had been realpath()ed). This causes problems since I cannot strip "DOCUMENT_ROOT" from them. Besides, I don't want to strip an arbitrary path from them.

It would be nice if you could change the behaviour of debug_backtrace() so that it returned untranslated paths (you can always realpath() them manually if you really want to!). Do you think it's possible without too much trouble for you? Are there reasons for which things are as they are?

Thank you.
#26230 [NEW]: mysql_escape_string() and mysql_real_escape_string() should escape backquotes
From: icemaze at tiscalinet dot it
Operating system: Linux 2.6
PHP version: 4.3.3
PHP Bug Type: MySQL related
Bug description: mysql_escape_string() and mysql_real_escape_string() should escape backquotes

Description:

I think mysql_escape_string() and mysql_real_escape_string() should escape backquotes to avoid potential security problems in case an application uses an input field as the name for a table or for a field. So...

Reproduce code:
---------------
'$ename'");
@mysql_query("INSERT INTO `$ename` SET `blah`='blah'");
?>

Expected result:
----------------
'` SET `protectedfield`=1' => '\` SET \`protectedfield \`=1'

Actual result:
--------------
'` SET `protectedfield`=1' => '` SET `protectedfield`=1'

This way the query modifies a field which was not supposed to be modified.
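
The concern raised in this report, handled on the application side, as an added example that is not part of the original report or of PHP itself: string-escaping functions are meant for quoted values, so a table name taken from input is resolved against an allowlist and then quoted as an identifier. `ALLOWED_TABLES`, `quote_identifier()` and `table_from_input()` are hypothetical names, and the inputs are constructed samples.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: the only tables this application may write to.
const ALLOWED_TABLES = ['orders', 'customers'];

/**
 * Quote a MySQL identifier: wrap it in backquotes and double any embedded
 * backquote, which is how MySQL represents a backquote inside a quoted name.
 */
function quote_identifier(string $name): string
{
    // MySQL identifiers are limited to 64 characters; this byte-length
    // check is a conservative approximation. NUL bytes are rejected too.
    if ($name === '' || strlen($name) > 64 || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('invalid identifier');
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

/** Resolve a user-supplied table name against the allowlist, then quote it. */
function table_from_input(string $input): string
{
    if (!in_array($input, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('unknown table');
    }
    return quote_identifier($input);
}

// Constructed sample inputs; the second is the value quoted in the report.
$inputs = ['orders', '` SET `protectedfield`=1'];

foreach ($inputs as $input) {
    try {
        // The query string is only built and printed here, never executed.
        $sql = 'INSERT INTO ' . table_from_input($input) . " SET `blah`='blah'";
        echo "accepted: $sql\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . var_export($input, true) . ' (' . $e->getMessage() . ")\n";
    }
}

// Quoting alone (without the allowlist) keeps the value inside one identifier.
echo quote_identifier('` SET `protectedfield`=1'), "\n";
```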