diff --git a/htdocs/init.php b/htdocs/init.php index 082764f2966a73f3b57567f3232f94102a666fc3..e1d549388e76b0ac45c24a412f34e427f1bbff6b 100644 --- a/htdocs/init.php +++ b/htdocs/init.php @@ -322,6 +322,9 @@ if (!get_config('productionmode')) { $CFG->developermode = DEVMODE_DEBUGCSS | DEVMODE_UNPACKEDJS; $CFG->perftofoot = true; $CFG->nocache = true; + if ($CFG->log_backtrace_print_args === null) { + $CFG->log_backtrace_print_args = true; + } } if (get_config('installed')) { diff --git a/htdocs/lib/config-defaults.php b/htdocs/lib/config-defaults.php index 0ef595e3e30b5943f3cea93f55297d5548229825..29fb3281cdf2f84e5276512d3533e7198bfdef19 100644 --- a/htdocs/lib/config-defaults.php +++ b/htdocs/lib/config-defaults.php @@ -110,6 +110,20 @@ $cfg->log_environ_targets = LOG_TARGET_SCREEN | LOG_TARGET_ERRORLOG; */ $cfg->log_backtrace_levels = LOG_LEVEL_WARN | LOG_LEVEL_ENVIRON; + +/** + * @global boolean $cfg->log_backtrace_print_args Whether or not to print the values of function & method + * arguments when printing a backtrace. This can be useful for debugging, but it is a mild security risk, + * because function parameters may include sensitive data such as passwords and private keys. (Though + * arguments whose names suggest that they contain passwords, will still be blanked out even if this + * feature is enabled.) + * + * A NULL value here tells Mahara to hide argument values when $cfg->productionmode is enabled, and to + * show them otherwise. A TRUE or FALSE tells Mahara to always show/hide argument values in backtraces + * regardless of the value of $cfg->productionmode. + */ +$cfg->log_backtrace_print_args = null; + /** * @global int $cfg->error_reporting What level of errors to print to the Mahara logs. Gets passed directly * to the PHP function "error_reporting()". diff --git a/htdocs/lib/errors.php b/htdocs/lib/errors.php index 66d29613b16e6f0355ba0ed0cee720804076b102..2320fe34d89d4fa480ae629434771246a1c2d5c5 100644 --- a/htdocs/lib/errors.php +++ b/htdocs/lib/errors.php @@ -288,6 +288,7 @@ function log_message ($message, $loglevel, $escape, $backtrace, $file=null, $lin * @access private */ function log_build_backtrace($backtrace) { + global $CFG; $calls = array(); // Remove the call to log_message @@ -306,6 +307,19 @@ function log_build_backtrace($backtrace) { $args = ''; if ($bt['args']) { + // Determine whether or not to print the values of the function's + // arguments (which may contain sensitive data). + // Still always print the values of the "include" pseudofunctions, + // though, so the stacktrace will make sense. + $showvalues = ($CFG->log_backtrace_print_args === true || in_array( + $bt['function'], + array( + 'require', + 'include', + 'require_once', + 'include_once' + ) + )); foreach ($bt['args'] as $arg) { if (!empty($args)) { $args .= ', '; @@ -313,11 +327,21 @@ function log_build_backtrace($backtrace) { switch (gettype($arg)) { case 'integer': case 'double': - $args .= $arg; + if ($showvalues) { + $args .= $arg; + } + else { + $args .= (gettype($arg)); + } break; case 'string': - $arg = substr($arg, 0, 50) . ((strlen($arg) > 50) ? '...' : ''); - $args .= '"' . $arg . '"'; + if ($showvalues) { + $arg = substr($arg, 0, 50) . ((strlen($arg) > 50) ? '...' : ''); + $args .= '"' . $arg . '"'; + } + else { + $args .= 'string(size ' . strlen($arg) . ')'; + } break; case 'array': $args .= 'array(size ' . count($arg) . ')';