mahara / mahara
Commit 0d92a07a
authored Apr 22, 2016 by Robert Lyon
Committed by Gerrit Code Review, Apr 22, 2016
Merge "Bug 1567186: More thorough checking for passwords in stacktraces" into 15.10_STABLE
parents 96cec2bd 0d45baa3
Changes: 1 file
htdocs/lib/errors.php
@@ -296,12 +296,10 @@ function log_build_backtrace($backtrace) {
//array_shift($backtrace);
foreach
(
$backtrace
as
$bt
)
{
// Change password in args for LiveUser object to 8 stars
if
(
!
empty
(
$bt
[
'class'
])
&&
(
$bt
[
'class'
]
==
'LiveUser'
||
$bt
[
'class'
]
==
'AuthLdap'
))
{
if
(
!
empty
(
$bt
[
'args'
][
1
]))
{
$bt
[
'args'
][
1
]
=
str_repeat
(
'*'
,
8
);
}
}
// Blank out any passwords from the logs
censor_password_parameters
(
$bt
);
$bt
[
'file'
]
=
(
isset
(
$bt
[
'file'
]))
?
$bt
[
'file'
]
:
'Unknown'
;
$bt
[
'line'
]
=
(
isset
(
$bt
[
'line'
]))
?
$bt
[
'line'
]
:
0
;
$bt
[
'class'
]
=
(
isset
(
$bt
[
'class'
]))
?
$bt
[
'class'
]
:
''
;
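Review bot: replacing the class-specific masking with the name-based censor_password_parameters($bt) call changes what is covered, and nothing in this hunk shows the two coverages overlap: the old branch blanked args[1] of any LiveUser or AuthLdap method unconditionally, whereas the new call (per its docblock) only blanks arguments whose declared parameter name contains "password" or "pw". If any LiveUser or AuthLdap method takes the password in position 1 under a name such as $passwd or $credentials, that value is now written to the log where it was previously starred out. Suggest checking the parameter names of those methods before dropping the special case, or keeping `$bt['args'][1] = str_repeat('*', 8);` for those two classes alongside the generic call until that is confirmed. (The rendered diff has lost its +/- markers; this reads the LiveUser/AuthLdap block as the removed side and the censor call as the added side, which is what the commit message implies.)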
@@ -368,6 +366,58 @@ function log_build_backtrace($backtrace) {
return
array
(
$textmessage
,
$htmlmessage
);
}
/**
* Detects whether a backtrace line contains a function call with password parameters in it.
* Replaces the value of any password params with "********" so that passwords won't be
* printed in the logs or error messages.
*
* This function assumes any parameter with a name that contains "password" or "pw"
* is a password.
*
* @param array &$backtraceline An entry in the array returned by debug_backtrace()
* @return void
*/
function
censor_password_parameters
(
&
$backtraceline
)
{
if
(
isset
(
$backtraceline
[
'function'
]))
{
try
{
if
(
isset
(
$backtraceline
[
'class'
]))
{
$refClass
=
new
ReflectionClass
(
$backtraceline
[
'class'
]);
$refFunc
=
$refClass
->
getMethod
(
$backtraceline
[
'function'
]);
}
else
{
// Function-like "language constructs" such as "require" and "echo"
// are listed as a function by debug_backtrace(), but can't be
// reflected.
if
(
!
function_exists
(
$backtraceline
[
'function'
]))
{
return
;
}
$refFunc
=
new
ReflectionFunction
(
$backtraceline
[
'function'
]);
}
foreach
(
$refFunc
->
getParameters
()
as
$param
)
{
$name
=
strtolower
(
$param
->
getName
());
if
(
strpos
(
$name
,
'password'
)
!==
false
||
strpos
(
$name
,
'pw'
)
!==
false
)
{
$i
=
$param
->
getPosition
();
if
(
isset
(
$backtraceline
[
'args'
][
$i
]))
{
$backtraceline
[
'args'
][
$i
]
=
'********'
;
}
}
}
return
;
}
catch
(
ReflectionException
$re
)
{
// Don't want a failure here to totally prevent logging.
return
;
}
}
return
;
}
/**
* Ends the script with an informational message
*
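Review bot: both early exits in censor_password_parameters fail open, leaving the arguments unmasked: the `return;` taken when function_exists() is false and the `return;` inside `catch (ReflectionException $re)` both hand $backtraceline back with 'args' untouched, so a frame that cannot be reflected (a closure, which debug_backtrace() reports as a function name function_exists() does not know, or a method dispatched through __call, for which getMethod() throws) still gets its full argument list into the log. Since the comment says the only goal is not to prevent logging, the safer fallback on those two paths is to blank every entry of $backtraceline['args'] rather than none of them. Two smaller gaps in the matching loop: arguments passed beyond the declared parameter list (functions reading func_get_args()) are never visited, because the loop iterates $refFunc->getParameters() rather than the args array; and the strpos() test on 'password' / 'pw' does not match common spellings such as $passwd or $pass, so consider extending the list (for example 'passwd', 'pass', 'secret') and documenting the assumption in the docblock accordingly.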