You are here

function security_review_check_query_errors in Security Review 6

Same name and namespace in other branches
  1. 7 security_review.inc \security_review_check_query_errors()
1 call to security_review_check_query_errors()
security_review_check_query_errors_help in ./security_review.help.inc
1 string reference to 'security_review_check_query_errors'
_security_review_security_checks in ./security_review.inc
Checks for security_review_security_checks() or security_review_get_checks().

File

./security_review.inc, line 438
Stand-alone security checks and review system.

Code

function security_review_check_query_errors($last_check = NULL) {
  $timestamp = NULL;
  $check_result_value = array();
  $sql = "SELECT message, hostname FROM {watchdog} WHERE type = 'php' AND severity = %d";
  if (!is_null($last_check)) {
    $sql .= " AND timestamp >= %d";
    $timestamp = $last_check['lastrun'];
  }
  $results = db_query($sql, WATCHDOG_ERROR, $timestamp);
  while ($row = db_fetch_array($results)) {
    if (strpos($row['message'], 'SELECT') !== FALSE) {
      $entries[$row['hostname']][] = $row;
    }
  }
  $result = TRUE;
  if (!empty($entries)) {
    foreach ($entries as $ip => $records) {
      if (count($records) > 10) {
        $check_result_value[] = $ip;
      }
    }
  }
  if (!empty($check_result_value)) {
    $result = FALSE;
  }
  else {

    // Rather than worrying the user about the idea of query errors we skip reporting a pass.
    $result = NULL;
  }
  return array(
    'result' => $result,
    'value' => $check_result_value,
  );
}