I'm currently using Joomla and we have a small security vulnerability in our URI. Currently, it displays the Exception/Error directly to the user like so:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line
which I feel is a SQL injection risk.
How would I just go ahead and force all exceptions/errors to redirect to the home page? This error can only happen if someone directly manipulates the URI and not through clicking the page.
If it helps, I believe this problem is caused by a component we're using that's directly querying with the URI instead of using prepared statements, but I can't seem to pinpoint where it is.
If this is returning a proper exception in Joomla! and sending you to Joomla!'s 500 error output, you should be able to intercept it from within the error.php file in your template (/templates/yourtemplate/error.php).
If this file does not already exist you can simply create it, but be aware that it will take on responsibility for all the exceptions, so a 404 will render through this file as well; for that reason you would want to make sure it formats well.
To catch your 500 error and redirect it to your home page it should be as simple as adding the following code just below the 'defined( '_JEXEC' ) or die;' statement.
// $this->error is the exception Joomla! hands to the template's error.php.
if ((int) $this->error->getCode() == 500) {
    // $this->baseurl is the site's path prefix and is empty when Joomla! is
    // installed at the web root, so make sure the Location header ends in "/".
    header("Location: " . rtrim($this->baseurl, '/') . '/');
    exit;
}
You could go into more detail and only redirect if the error message contains a reference to SQL but I'd say from your description you don't really want any custom 500 error messages to display, so you can redirect everything.
Hope this helps.

KevBallard
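As an added illustration (not the answerer's code, and not part of any Joomla! release), here is a complete error.php in the style described above. It assumes a template directory named "yourtemplate" and that $this->error and $this->baseurl are set as they are in a Joomla! 3 template override. A 500 is logged server-side and redirected to the home page without the database message ever reaching the browser; other codes such as 404 still render a generic page, which is the reason the file has to produce well-formed HTML. Note that this only hides the symptom the question describes; the component that builds SQL from the URI still needs fixing with bound parameters.

```php
<?php
// /templates/yourtemplate/error.php  (added example; "yourtemplate" is assumed)
// Joomla! loads this file for every uncaught exception once the template
// provides it, so it must handle 403/404 as well as 500.
defined('_JEXEC') or die;

$code = (int) $this->error->getCode();

// $this->baseurl is the path part of the site URL ("" for a root install),
// so build an absolute-path redirect target that always ends in "/".
$home = rtrim($this->baseurl, '/') . '/';

if ($code >= 500) {
    // Keep the database error text (table names, SQL fragments) out of the
    // response; the administrator can read it from the server log instead.
    error_log('Joomla! ' . $code . ': ' . $this->error->getMessage());
    header('Location: ' . $home, true, 302);
    exit;
}

// Client errors (403, 404, ...) get a minimal page. Only echo the message
// through htmlspecialchars() so the error page cannot reflect script from
// a manipulated URI back to the visitor.
http_response_code($code >= 400 ? $code : 500);
$message = htmlspecialchars($this->error->getMessage(), ENT_QUOTES, 'UTF-8');
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>Error <?php echo $code; ?></title>
</head>
<body>
    <h1>Error <?php echo $code; ?></h1>
    <p><?php echo $message; ?></p>
    <p><a href="<?php echo htmlspecialchars($home, ENT_QUOTES, 'UTF-8'); ?>">Return to the home page</a></p>
</body>
</html>
```

If you prefer Joomla!'s own redirect helper over a raw header() call, JFactory::getApplication()->redirect($home) does the same job and also terminates the request.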