diff --git a/modules/gallery/libraries/MY_Kohana_Exception.php b/modules/gallery/libraries/MY_Kohana_Exception.php index 72cb2ac043..27d1afc104 100644 --- a/modules/gallery/libraries/MY_Kohana_Exception.php +++ b/modules/gallery/libraries/MY_Kohana_Exception.php @@ -41,16 +41,21 @@ public static function dump($value, $length=128, $max_level=5) { * data, such as session ids and passwords / hashes. */ public static function safe_dump($value, $key, $length=128, $max_level=5) { - return parent::dump(self::_sanitize_for_dump($value, $key), $length, $max_level); + return parent::dump(self::_sanitize_for_dump($value, $key, $max_level), $length, $max_level); } /** * Elides sensitive data which shouldn't be echoed to the client, * such as passwords, and other secrets. */ - /* Visible for testing*/ static function _sanitize_for_dump($value, $key=null) { + /* Visible for testing*/ static function _sanitize_for_dump($value, $key=null, $max_level) { // Better elide too much than letting something through. // Note: unanchored match is intended. + if (!$max_level) { + // Too much recursion; give up. We gave it our best shot. + return $value; + } + $sensitive_info_pattern = '/(password|pass|email|hash|private_key|session_id|session|g3sid|csrf|secret)/i'; if (preg_match($sensitive_info_pattern, $key) || @@ -63,7 +68,7 @@ public static function safe_dump($value, $key, $length=128, $max_level=5) { } else if ($value instanceof User_Model) { return get_class($value) . ' object for "' . $value->name . '" - details omitted for display'; } - return self::_sanitize_for_dump((array) $value, $key); + return self::_sanitize_for_dump((array) $value, $key, $max_level - 1); } else if (is_array($value)) { $result = array(); foreach ($value as $k => $v) { @@ -78,7 +83,7 @@ public static function safe_dump($value, $key, $length=128, $max_level=5) { if (is_object($v)) { $key_for_display .= ' (type: ' . get_class($v) . ')'; } - $result[$key_for_display] = self::_sanitize_for_dump($v, $actual_key); + $result[$key_for_display] = self::_sanitize_for_dump($v, $actual_key, $max_level - 1); } } else { $result = $value;