function security_review_check_query_errors in Security Review 6
Same name and namespace in other branches
- 7 security_review.inc \security_review_check_query_errors()
1 call to security_review_check_query_errors()
1 string reference to 'security_review_check_query_errors'
- _security_review_security_checks in ./
security_review.inc - Checks for security_review_security_checks() or security_review_get_checks().
File
- ./
security_review.inc, line 438 - Stand-alone security checks and review system.
Code
function security_review_check_query_errors($last_check = NULL) {
$timestamp = NULL;
$check_result_value = array();
$sql = "SELECT message, hostname FROM {watchdog} WHERE type = 'php' AND severity = %d";
if (!is_null($last_check)) {
$sql .= " AND timestamp >= %d";
$timestamp = $last_check['lastrun'];
}
$results = db_query($sql, WATCHDOG_ERROR, $timestamp);
while ($row = db_fetch_array($results)) {
if (strpos($row['message'], 'SELECT') !== FALSE) {
$entries[$row['hostname']][] = $row;
}
}
$result = TRUE;
if (!empty($entries)) {
foreach ($entries as $ip => $records) {
if (count($records) > 10) {
$check_result_value[] = $ip;
}
}
}
if (!empty($check_result_value)) {
$result = FALSE;
}
else {
// Rather than worrying the user about the idea of query errors we skip reporting a pass.
$result = NULL;
}
return array(
'result' => $result,
'value' => $check_result_value,
);
}