- show complete sql error message + path to administrators only (idea from post to bugtraq about SMF)

git-svn-id: file:///svn/phpbb/trunk@5338 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/includes/db/dbal.php

@@ -192,14 +192,26 @@ class dbal
 	*/
 	function sql_error($sql = '')
 	{
+		global $auth, $user;
+
 		$error = $this->_sql_error();
 
 		if (!$this->return_on_error)
 		{
-			$this_page = (isset($_SERVER['PHP_SELF']) && !empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF'];
-			$this_page .= '&' . ((isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : (isset($_ENV['QUERY_STRING']) ? $_ENV['QUERY_STRING'] : ''));
+			$message = '<u>SQL ERROR</u> [ ' . SQL_LAYER . ' ]<br /><br />' . $error['message'] . ' [' . $error['code'] . '];
 
-			$message = '<u>SQL ERROR</u> [ ' . SQL_LAYER . ' ]<br /><br />' . $error['message'] . ' [' . $error['code'] . ']<br /><br /><u>CALLING PAGE</u><br /><br />'  . htmlspecialchars($this_page) . (($sql != '') ? '<br /><br /><u>SQL</u><br /><br />' . $sql : '') . '<br />';
+			// Show complete SQL error and path to administrators only
+			if ($auth->acl_get('a_'))
+			{			
+				$this_page = (isset($_SERVER['PHP_SELF']) && !empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF'];
+				$this_page .= '&' . ((isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : (isset($_ENV['QUERY_STRING']) ? $_ENV['QUERY_STRING'] : ''));
+
+				$message .= '<br /><br /><u>CALLING PAGE</u><br /><br />'  . htmlspecialchars($this_page) . (($sql != '') ? '<br /><br /><u>SQL</u><br /><br />' . $sql : '') . '<br />';
+			}
+			else
+			{
+				$message .= '<br /><br />' . $user->lang['SQL_ERROR_OCCURRED'];
+			}
 
 			if ($this->transaction)
 			{