Merge pull request #763 from slaveek/develop

FIX: DB User & Password shown in clear text in error message
panique · Dec 19, 2015 · 7b4ca9c · 7b4ca9c
2 parents fdbbb19 + f99d364
commit 7b4ca9c
Showing 1 changed file with 39 additions and 21 deletions.
diff --git a/application/core/DatabaseFactory.php b/application/core/DatabaseFactory.php
@@ -21,26 +21,44 @@
  */
 class DatabaseFactory
 {
-	private static $factory;
-	private $database;
+    private static $factory;
+    private $database;
 
-	public static function getFactory()
-	{
-		if (!self::$factory) {
-			self::$factory = new DatabaseFactory();
-		}
-		return self::$factory;
-	}
+    public static function getFactory()
+    {
+        if (!self::$factory) {
+            self::$factory = new DatabaseFactory();
+        }
+        return self::$factory;
+    }
 
-	public function getConnection() {
-		if (!$this->database) {
-			$options = array(PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_OBJ, PDO::ATTR_ERRMODE => PDO::ERRMODE_WARNING);
-			$this->database = new PDO(
-				Config::get('DB_TYPE') . ':host=' . Config::get('DB_HOST') . ';dbname=' .
-				Config::get('DB_NAME') . ';port=' . Config::get('DB_PORT') . ';charset=' . Config::get('DB_CHARSET'),
-				Config::get('DB_USER'), Config::get('DB_PASS'), $options
-			);
-		}
-		return $this->database;
-	}
-}
+    public function getConnection() {
+        if (!$this->database) {
+
+            /**
+             * Check DB connection in try/catch block. Also when PDO is not constructed properly,
+             * prevent to exposing database host, username and password in plain text as:
+             * PDO->__construct('mysql:host=127....', 'root', '12345678', Array)
+             * by throwing custom error message
+             */
+            try {
+                $options = array(PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_OBJ, PDO::ATTR_ERRMODE => PDO::ERRMODE_WARNING);
+                $this->database = new PDO(
+                   Config::get('DB_TYPE') . ':host=' . Config::get('DB_HOST') . ';dbname=' .
+                   Config::get('DB_NAME') . ';port=' . Config::get('DB_PORT') . ';charset=' . Config::get('DB_CHARSET'),
+                   Config::get('DB_USER'), Config::get('DB_PASS'), $options
+                   );
+            } catch (PDOException $e) {
+
+                // Echo custom message. Echo error code gives you some info.
+                echo 'Database connection can not be estabilished. Please try again later.' . '<br>';
+                echo 'Error code: ' . $e->getCode();
+
+                // Stop application :(
+                // No connection, reached limit connections etc. so no point to keep it running
+                exit;
+            }
+        }
+        return $this->database;
+    }
+}