Related Issue/Discussion #22137

Summary of Changes

Harden sql log files in Joomla 3 like other log files.
Let plugin "System - Log Rotation" delete and versioning sql log files, too

Add php filename extension to sql log files (before: *.sql; after: *.sql.php)
Add <?php die('Forbidden.'); ?> to these files, too, to protect them.

Testing Instructions

• Install current staging. (= Joomla 3.9)

• Have always a look on your logs directory to see what happens. And delete everything in it before you start.

• To have an eye on the file timestamps during testing could also help a bit.

• Activate plugin "System - Debug" with ALL options. Especially Log Executed Queries : YES.

• Activate Debug (System) in Global Configuration.

• Reload some pages.

• In your logs directory you'll find some files with filename extension sql

• Check that you can display them in your browser by just calling them via address bar.

• Then activate plugin "System - Log Rotation". And set option Maximum Logs : 2.
  And Log Rotation (in days) : 0

• Reload some pages and every page 3 times or more often.

• In your logs directory you'll find files with a leading version number in filenames and one per group without. E.g. group
  1.deprecated.php
2.deprecated.php
deprecated.php (newest version)

BUT only php files NOT sql files. Because Log Rotator ignores them.

• Apply patch
• Clear your logs directory
• Test again.

Expected but not actual result

• New plugin "System - Log Rotation" deletes sql log files, too.
• New plugin "System - Log Rotation" is versioning sql log files, too.
• No chance to simply display log files in browser.