yehster wrote on Tuesday, December 03, 2013 :
When the installer class runs the queries to set up the database and one of them fails, it doesn’t report an error; it simply continues silently.
The return value from execute_sql is not checked:
// Seeds the globals table: for every field definition in $grparr, look up how
// many rows already carry that field id as gl_name and insert the default
// value when the count comes back empty.
// This is an excerpt from a larger method; the enclosing loop and the method
// signature are not part of the quoted code.
foreach ($grparr as $fldid => $fldarr) {
// Each definition unpacks positionally into name, type, default, description.
list($fldname, $fldtype, $flddef, $flddesc) = $fldarr;
// Array-valued types always pass; a non-array type is skipped when its first
// two characters are 'm_'.
if (is_array($fldtype) || substr($fldtype, 0, 2) !== 'm_') {
// The statement is built by string concatenation, so quoting safety rests
// entirely on $this->escapeSql(), whose implementation is not visible here.
// NOTE(review): $res is used below without any check. What execute_sql
// returns on failure is not shown in this excerpt; confirm it and test for it.
$res = $this->execute_sql("SELECT count(*) AS count FROM globals WHERE gl_name = '" . $this->escapeSql($fldid) . "'");
// NOTE(review): if $res is not a result set, mysqli_fetch_array() only warns
// on older PHP versions (PHP 8 throws a TypeError instead) and $row is then
// not an array.
$row = mysqli_fetch_array($res, MYSQLI_ASSOC);
// empty() is also true when $row is not an array, so on the warn-only path a
// failed lookup is treated exactly like "no row yet" and reaches the INSERT.
if (empty($row['count'])) {
// The return value is discarded: this block never learns whether the INSERT
// succeeded, so a failed seed is indistinguishable from a successful one.
$this->execute_sql("INSERT INTO globals ( gl_name, gl_index, gl_value ) " .
"VALUES ( '" . $this->escapeSql($fldid) . "', '0', '" . $this->escapeSql($flddef) . "' )");
}
}
}
}
return true;
}
public function install_gacl()
{
$install_results_1 = $this->get_require_contents($this->gaclSetupScript1);
if (! $install_results_1) {
$this->error_message = "install_gacl failed: unable to require gacl script 1";
This masks any potential syntax bugs in the database.sql file.