Add a max_level to _sanitize_for_dump() so that we don't blow the stack.
bharat committed Aug 8, 2010
1 parent c6ca773 commit 1abf43d
Showing 1 changed file with 9 additions and 4 deletions.
13 changes: 9 additions & 4 deletions modules/gallery/libraries/MY_Kohana_Exception.php
Expand Up @@ -41,16 +41,21 @@ public static function dump($value, $length=128, $max_level=5) {
* data, such as session ids and passwords / hashes.
*/
public static function safe_dump($value, $key, $length=128, $max_level=5) {
return parent::dump(self::_sanitize_for_dump($value, $key), $length, $max_level);
return parent::dump(self::_sanitize_for_dump($value, $key, $max_level), $length, $max_level);
}

/**
* Elides sensitive data which shouldn't be echoed to the client,
* such as passwords, and other secrets.
*/
/* Visible for testing*/ static function _sanitize_for_dump($value, $key=null) {
/* Visible for testing*/ static function _sanitize_for_dump($value, $key=null, $max_level) {
// Better elide too much than letting something through.
// Note: unanchored match is intended.
if (!$max_level) {
// Too much recursion; give up. We gave it our best shot.
return $value;
}

$sensitive_info_pattern =
'/(password|pass|email|hash|private_key|session_id|session|g3sid|csrf|secret)/i';
if (preg_match($sensitive_info_pattern, $key) ||
Expand All @@ -63,7 +68,7 @@ public static function safe_dump($value, $key, $length=128, $max_level=5) {
} else if ($value instanceof User_Model) {
return get_class($value) . ' object for "' . $value->name . '" - details omitted for display';
}
return self::_sanitize_for_dump((array) $value, $key);
return self::_sanitize_for_dump((array) $value, $key, $max_level - 1);
} else if (is_array($value)) {
$result = array();
foreach ($value as $k => $v) {
Expand All @@ -78,7 +83,7 @@ public static function safe_dump($value, $key, $length=128, $max_level=5) {
if (is_object($v)) {
$key_for_display .= ' (type: ' . get_class($v) . ')';
}
$result[$key_for_display] = self::_sanitize_for_dump($v, $actual_key);
$result[$key_for_display] = self::_sanitize_for_dump($v, $actual_key, $max_level - 1);
}
} else {
$result = $value;
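Review bot: The new depth guard in `_sanitize_for_dump()` fails open: when `$max_level` reaches 0 it returns `$value` untouched, and because it sits above the `$sensitive_info_pattern` test, even a value whose key matches `password` or `session_id` is handed back unredacted at that depth. The budget is also spent twice per object level (once for the `(array) $value` cast, once per element), so the sanitizer can give up before `parent::dump()`, which is still called with the full `$max_level`, stops printing; whether raw data actually reaches the output depends on how `parent::dump()` counts levels, which is not visible here. In keeping with the existing comment "Better elide too much than letting something through", I would move the guard below the key check and return a placeholder instead, e.g. `return '(nesting too deep - details omitted for display)';`, and pass `$max_level` unchanged in the object-cast recursion, since the array branch already decrements it. The body of `_sanitize_for_dump()` continues outside the displayed hunks.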