UTA-FabLab / fabapp

Operational Software for any fablab or makerspace

SQL injection vulnerabilities #30

Open FabosaurusRex opened 4 years ago

FabosaurusRex commented 4 years ago

Swap SQL queries to prepared statements wherever possible to harden against SQL injections.

MPZinke commented 4 years ago

SQL issues #29 and #30 were implemented in one branch, #30-SQL-Protection. Currently awaiting testing ("may the odds be ever in your favor").

FabosaurusRex commented 4 years ago

Needs to be fixed and ready for testing by Oct. 12.

FabosaurusRex commented 4 years ago

Loading the code branch onto the Dev server causes a crash. Error log contents:

15:46:07.786510 2020] [proxy_fcgi:error] [pid 29121] [client 129.107.71.214:41182] AH01071: Got error 'PHP message: PHP Notice: Undefined variable: results in /opt/www/fabapp-dev.uta.edu/class/Status.php on line 24\nPHP message: PHP Fatal error: Uncaught Error: Call to a member function fetch_assoc() on null in /opt/www/fabapp-dev.uta.edu/class/Status.php:24\nStack trace:\n#0 /opt/www/fabapp-dev.uta.edu/class/all_classes.php(12): include_once()\n#1 /opt/www/fabapp-dev.uta.edu/pages/header.php(35): include_once('/opt/www/fabapp...')\n#2 /opt/www/fabapp-dev.uta.edu/index.php(6): include_once('/opt/www/fabapp...')\n#3 {main}\n thrown in /opt/www/fabapp-dev.uta.edu/class/Status.php on line 24\n'
[Tue Oct 13 15:46:12.862093 2020] [proxy_fcgi:error] [pid 29121] [client 129.107.71.214:41416] AH01071: Got error 'PHP message: PHP Notice: Undefined variable: results in /opt/www/fabapp-dev.uta.edu/class/Status.php on line 24\nPHP message: PHP Fatal error: Uncaught Error: Call to a member function fetch_assoc() on null in /opt/www/fabapp-dev.uta.edu/class/Status.php:24\nStack trace:\n#0 /opt/www/fabapp-dev.uta.edu/class/all_classes.php(12): include_once()\n#1 /opt/www/fabapp-dev.uta.edu/pages/header.php(35): include_once('/opt/www/fabapp...')\n#2 /opt/www/fabapp-dev.uta.edu/index.php(6): include_once('/opt/www/fabapp...')\n#3 {main}\n thrown in /opt/www/fabapp-dev.uta.edu/class/Status.php on line 24\n'
[Tue Oct 13 15:46:12.903812 2020] [proxy_fcgi:error] [pid 17086] [client 129.107.71.214:41422] AH01071: Got error 'PHP message: PHP Notice: Undefined variable: results in /opt/www/fabapp-dev.uta.edu/class/Status.php on line 24\nPHP message: PHP Fatal error: Uncaught Error: Call to a member function fetch_assoc() on null in /opt/www/fabapp-dev.uta.edu/class/Status.php:24\nStack trace:\n#0 /opt/www/fabapp-dev.uta.edu/class/all_classes.php(12): include_once()\n#1 /opt/www/fabapp-dev.uta.edu/pages/header.php(35): include_once('/opt/www/fabapp...')\n#2 /opt/www/fabapp-dev.uta.edu/index.php(6): include_once('/opt/www/fabapp...')\n#3 {main}\n thrown in /opt/www/fabapp-dev.uta.edu/class/Status.php on line 24\n'
[Tue Oct 13 15:47:07.391615 2020] [proxy_fcgi:error] [pid 17042] [client 129.107.153.185:64969] AH01071: Got error 'PHP message: PHP Notice: Undefined variable: results in /opt/www/fabapp-dev.uta.edu/class/Status.php on line 24\nPHP message: PHP Fatal error: Uncaught Error: Call to a member function fetch_assoc() on null in /opt/www/fabapp-dev.uta.edu/class/Status.php:24\nStack trace:\n#0 /opt/www/fabapp-dev.uta.edu/class/all_classes.php(12): include_once()\n#1 /opt/www/fabapp-dev.uta.edu/pages/header.php(35): include_once('/opt/www/fabapp...')\n#2 /opt/www/fabapp-dev.uta.edu/index.php(6): include_once('/opt/www/fabapp...')\n#3 {main}\n thrown in /opt/www/fabapp-dev.uta.edu/class/Status.php on line 24\n', referer: https://fabapp-dev.uta.edu/index.php

MPZinke commented 4 years ago

Another Local-Dev vs. Dev server incompatibility. On the Dev server, assert functions cannot receive declarations as a check (e.g. assert($foo = bar()); is invalid). All asserts have been changed so that they receive a single variable, and declarations occur prior to the assert call.
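The two points raised in this thread, swapping string-built queries for prepared statements (the original request) and keeping assignments out of assert() (the Dev server crash above), are shown together below as an added example. This is not fabapp's own code: the table and column names (status_lookup, status_id, status_name) and the connection parameters are hypothetical, and the mysqli API calls are the standard ones. The assert behaviour matches what PHP does when zend.assertions = -1 (the php.ini-production setting): the assert body is never compiled, so an assignment inside it never executes and the variable is undefined afterwards, which is exactly the "Undefined variable: results" followed by "fetch_assoc() on null" in the log. Whether that is the Dev server's configuration is an assumption.

```php
<?php
// Added example, not fabapp's own code. Table/column names are hypothetical.
declare(strict_types=1);

// BEFORE: the pattern the issue asks to remove. $id is interpolated into the
// SQL text, so whatever the request sends is parsed as part of the query.
// A malformed value also makes query() return false, and the next line then
// calls fetch_assoc() on a non-object, the same class of crash seen above.
function statusNameUnsafe(mysqli $db, string $id): ?string
{
    $sql = "SELECT status_name FROM status_lookup WHERE status_id = " . $id;
    $results = $db->query($sql);
    $row = $results->fetch_assoc();
    return $row['status_name'] ?? null;
}

// AFTER: prepared statement. The query text is sent once with a placeholder
// and the value travels separately, typed, so it can never change the SQL.
function statusName(mysqli $db, int $id): ?string
{
    $stmt = $db->prepare("SELECT status_name FROM status_lookup WHERE status_id = ?");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('i', $id);        // 'i' = bind as integer
    $stmt->execute();
    $results = $stmt->get_result();     // needs the mysqlnd driver
    if ($results === false) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    $row = $results->fetch_assoc();
    $stmt->close();
    return $row['status_name'] ?? null;
}

// BROKEN (the Dev server crash): the assignment lives inside assert().
// With zend.assertions = -1 the assert is compiled out, $results is never
// set, and fetch_all() is called on null.
function allStatusesBroken(mysqli $db): array
{
    assert($results = $db->query("SELECT status_id, status_name FROM status_lookup"));
    return $results->fetch_all(MYSQLI_ASSOC);
}

// FIXED (the change described in the thread): do the work first, check the
// result with an ordinary condition, and let assert() carry only a
// side-effect-free check that is safe to drop in production.
function allStatuses(mysqli $db): array
{
    $results = $db->query("SELECT status_id, status_name FROM status_lookup");
    if ($results === false) {
        throw new RuntimeException('query failed: ' . $db->error);
    }
    assert($results instanceof mysqli_result);  // pure check, no assignment
    return $results->fetch_all(MYSQLI_ASSOC);
}

// Usage (connection parameters are placeholders). Casting to int at the
// boundary plus the typed bind means non-numeric input is rejected before
// it ever reaches the database.
// $db = new mysqli('db-host', 'db-user', 'db-pass', 'fabapp');
// $db->set_charset('utf8mb4');
// echo statusName($db, (int) ($_GET['id'] ?? 0)), PHP_EOL;
// print_r(allStatuses($db));
```

Enabling mysqli exceptions (`mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT)`) turns the explicit `=== false` checks into thrown exceptions, which is an easier way to keep a failed query from becoming a null dereference three lines later.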

MPZinke commented 2 years ago

What is the status of this? Is any additional help needed?