Fixes #2591 removing newlines in queries - thanks to Tachyon

git-svn-id: http://code.elgg.org/elgg/trunk@8869 36083f99-b078-4883-b0ff-0f9b5a30f544

diff --git a/engine/lib/database.php b/engine/lib/database.php
index fa5b4a894e36b7b40566f3f675ea28412e07dc48..a9c4017a02518adf635ab9ceca2a6408d4340a57 100644 (file)
--- a/engine/lib/database.php
+++ b/engine/lib/database.php
@@ -250,6 +250,12 @@ function explain_query($query, $link) {
 function execute_query($query, $dblink) {
        global $CONFIG, $dbcalls;
 
+       // remove newlines so logs are easier to read
+       $query = preg_replace("/[\r\n]/", "", $query);
+       if ($query == NULL) {
+               throw new DatabaseException(elgg_echo('DatabaseException:InvalidQuery'));
+       }
+
        $dbcalls++;
 
        $result = mysql_query($query, $dblink);

diff --git a/languages/en.php b/languages/en.php
index 12e9782a55d16f95d169eb58974e19ef8345ace7..f5b7f2287d96a583c3e3c6505f4455ea58512ef2 100644 (file)
--- a/languages/en.php
+++ b/languages/en.php
@@ -54,6 +54,7 @@ $english = array(
        'SecurityException:FunctionDenied' => "Access to privileged function '%s' is denied.",
        'DatabaseException:DBSetupIssues' => "There were a number of issues: ",
        'DatabaseException:ScriptNotFound' => "Elgg couldn't find the requested database script at %s.",
+       'DatabaseException:InvalidQuery' => "Invalid query",
 
        'IOException:FailedToLoadGUID' => "Failed to load new %s from GUID:%d",
        'InvalidParameterException:NonElggObject' => "Passing a non-ElggObject to an ElggObject constructor!",