Do not include the SQL query in the Exception message

[mbabker]

Summary of Changes

Including the SQL query in the Exception message is a mild information disclosure in that it displays to the user the failed SQL query and exposes information about the database structure. This PR removes the query from the Exception message retaining only the engine's error message.

The JDatabaseExceptionExecuting object has a $query property (accessible via getQuery()) that contains the failed SQL query. For debugging purposes, if you need access to the failed query, you should extract it from the Exception's property versus relying on the message.

Testing Instructions

Create a query failure that triggers the error page. Pre-patch, the error message will contain the query. Post-patch, it will not.

Documentation Changes Required

Note that the query is not exposed as part of the Exception message any longer, developers must read it from the JDatabaseExceptionExecuting object's $query property.

[fastslack]

@test I used a cli script to test this and works as expected using MySQL database.

Executed script before patch:

$ ./Issue13356
Unknown column 'noexists' in 'where clause' SQL=SELECT * FROM #__users WHERE noexists = 0

Executed script after patch:

$ ./Issue13356
Unknown column 'noexists' in 'where clause'

Script used here: https://github.com/fastslack/joomla-cli-tools/blob/master/JoomlaTests/issue-13356/Issue13356

[bembelimen]

I have tested this item ✅ successfully on 65ea823

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/13356.}

[alikon]

as we have removed the $query param from getErrorMessage()
we don't need to pass when calling that function see

• https://github.com/mbabker/joomla-cms/blob/65ea823804a0a769654ad73264fa619cd1846fc8/libraries/joomla/database/driver/postgresql.php#L754

• https://github.com/mbabker/joomla-cms/blob/65ea823804a0a769654ad73264fa619cd1846fc8/libraries/joomla/database/driver/postgresql.php#L739

[alikon]

same as #10949

[mbabker]

Didn't remember that was there. Either way the change needs to be merged in sooner than later. I don't know why there's a bad test on that other PR because there is no code change to duplicate the error output.

[ralain]

I have tested this item ✅ successfully on 5386864

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/13356.}

[alikon]

fully agree, i close mine in favour of this one.

p.s.
the bad test on the other one should be because of the tested query was executed twice

[alikon]

I have tested this item ✅ successfully on 5386864

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/13356.}

[jeckodevelopment]

RTC

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/13356.}