39798a5e2338169deaf8d4e8258db07f045148af galt Mon Jun 3 20:51:21 2013 -0700 adding support for logOnly setting
diff --git src/hg/lib/jksql.c src/hg/lib/jksql.c
index d22f064..f652b45 100644
--- src/hg/lib/jksql.c
+++ src/hg/lib/jksql.c
@@ -3477,59 +3477,64 @@
 /* Create a dyString with a printf style initial content * Makes sure the NOSQLINJ prefix gets added if needed */ { int len = strlen(format) * 3; struct dyString *ds = newDyString(len); va_list args; va_start(args, format); sqlDyStringVaPrintf(ds, format, args); va_end(args); return ds; } void sqlCheckError(char *format, ...) /* A sql injection error has occurred. Check for settings and respond
- * as appropriate with error, warning, ignore, dumpstack.
+ * as appropriate with error, warning, logOnly, ignore, dumpstack.
 * Then abort if needed. NOTE: unless it aborts, this function will return! */ { va_list args; va_start(args, format); char *noSqlInjLevel = cfgOption("noSqlInj.level"); char *noSqlInjDumpStack = cfgOption("noSqlInj.dumpStack"); char *browserDumpStack = cfgOption("browser.dumpStack"); char *scriptName = cgiScriptName(); if (noSqlInjLevel) { // don't dump if if we are going to do it during errAbort anyway if (sameOk(noSqlInjDumpStack, "on") && (!(sameString(noSqlInjLevel, "abort") && cgiIsOnWeb() && sameOk(browserDumpStack, "on")) || endsWith(scriptName, "hgSuggest") ) // note: this doesn't work for hgSuggest because it doesn't set the dumpStack handler. // TODO find or add a better method to tell if it would already dumpStack on abort. ) { va_list dump_args; va_copy(dump_args, args); vaDumpStack(format, dump_args); va_end(dump_args); }
+ if (sameString(noSqlInjLevel, "logOnly"))
+ {
+ vfprintf(stderr, format, args);
+ }
+
 if (sameString(noSqlInjLevel, "warn")) { vaWarn(format, args); } if (sameString(noSqlInjLevel, "abort")) { vaErrAbort(format, args); } } va_end(args); }
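Review bot: The new `logOnly` branch hands the message straight to `vfprintf(stderr, format, args)`, so the record reaches the error log with no fixed tag, no guaranteed trailing newline and no cleaning of control characters. The arguments are not visible in this hunk, but a message reporting a rejected query presumably carries request-derived text, and an embedded newline in it would let one event appear as several log lines or imitate another entry. I would format into a local buffer first, blank out control characters, and write one terminated line with a constant tag that log monitoring can match on, as sketched below (tag text and buffer size are placeholders to adjust). Separately, a `noSqlInj.level` value that matches none of the `sameString` comparisons falls through the chain without any action, which deserves a comment now that another accepted value has been added.

```c
    if (sameString(noSqlInjLevel, "logOnly"))
	{
	// format first so the record can be cleaned and terminated before it is logged
	char msg[4096];   // a truncated record is acceptable here
	char *s;
	vsnprintf(msg, sizeof msg, format, args);
	for (s = msg; *s != 0; ++s)
	    {
	    if (iscntrl((unsigned char)*s))
		*s = ' ';
	    }
	fprintf(stderr, "noSqlInj logOnly: %s\n", msg);
	}

    // … unchanged: "warn" and "abort" branches …
```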