Commit 7d8c8d72 authored by Gábor Hojtsy's avatar Gábor Hojtsy

#175117 follow up patch by moshe weitzman: sanitize user name, remove t()...

#175117 follow up patch by moshe weitzman: sanitize user name, remove t() because it might not be availabla and comment what is happening
parent 47095ffb
......@@ -133,8 +133,14 @@ function _db_query($query, $debug = 0) {
if (variable_get('dev_query', 0)) {
list($usec, $sec) = explode(' ', microtime());
$timer = (float)$usec + (float)$sec;
// If devel.module query logging is enabled, prepend a comment with the username and calling function
// to the SQL string. This is useful when running mysql's SHOW PROCESSLIST to learn what exact
// code is issueing the slow query.
$bt = debug_backtrace();
$name = ($user->uid) ? $user->name : variable_get('anonymous', t('Anonymous'));;
// t() may not be available yet so we don't wrap 'Anonymous'.
$name = $user->uid ? $user->name : variable_get('anonymous', 'Anonymous');
// str_replace() to prevent SQL injection via username or anonymous name.
$name = str_replace(array('*', '/'), '', $name);
$query = '/* '. $name .' : '. $bt[2]['function'] .' */ '. $query;
}
......
......@@ -130,8 +130,14 @@ function _db_query($query, $debug = 0) {
if (variable_get('dev_query', 0)) {
list($usec, $sec) = explode(' ', microtime());
$timer = (float)$usec + (float)$sec;
// If devel.module query logging is enabled, prepend a comment with the username and calling function
// to the SQL string. This is useful when running mysql's SHOW PROCESSLIST to learn what exact
// code is issueing the slow query.
$bt = debug_backtrace();
$name = ($user->uid) ? $user->name : variable_get('anonymous', t('Anonymous'));
// t() may not be available yet so we don't wrap 'Anonymous'
$name = $user->uid ? $user->name : variable_get('anonymous', 'Anonymous');
// str_replace() to prevent SQL injection via username or anonymous name.
$name = str_replace(array('*', '/'), '', $name);
$query = '/* '. $name .' : '. $bt[2]['function'] .' */ '. $query;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment