
ENHANCEMENT Allowing filtered arguments on specific functions like my…

…sql_connect() in SS_Backtrace
commit 9d344a07d34f43ec2c8bc4b8e50fddbf95f4505d 1 parent 1704e42
@chillu chillu authored
Showing with 93 additions and 0 deletions.
  1. +45 −0 dev/Backtrace.php
  2. +48 −0 tests/dev/BacktraceTest.php
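--- a/dev/Backtrace.php
+++ b/dev/Backtrace.php
@@ -6,6 +6,36 @@
 class SS_Backtrace {
 /**
+ * @var array Replaces all arguments with a '<filtered>' string,
+ * mostly for security reasons. Use string values for global functions,
+ * and array notation for class methods.
+ * PHP's debug_backtrace() doesn't allow to inspect the argument names,
+ * so all arguments of the provided functions will be filtered out.
+ */
+ static $ignore_function_args = array(
+ 'mysql_connect',
+ 'mssql_connect',
+ 'pg_connect',
+ array('DB', 'connect'),
+ array('Security', 'check_default_admin'),
+ array('Security', 'encrypt_password'),
+ array('Security', 'setDefaultAdmin'),
+ array('DB', 'createDatabase'),
+ array('Member', 'checkPassword'),
+ array('Member', 'changePassword'),
+ array('MemberPassword', 'checkPassword'),
+ array('PasswordValidator', 'validate'),
+ array('PasswordEncryptor_PHPHash', 'encrypt'),
+ array('PasswordEncryptor_PHPHash', 'salt'),
+ array('PasswordEncryptor_LegacyPHPHash', 'encrypt'),
+ array('PasswordEncryptor_LegacyPHPHash', 'salt'),
+ array('PasswordEncryptor_MySQLPassword', 'encrypt'),
+ array('PasswordEncryptor_MySQLPassword', 'salt'),
+ array('PasswordEncryptor_MySQLOldPassword', 'encrypt'),
+ array('PasswordEncryptor_MySQLOldPassword', 'salt'),
+ );
+
+ /**
 * Return debug_backtrace() results with functions filtered
 * specific to the debugging system, and not the trace.
 *
@@ -53,6 +83,21 @@ static function filter_backtrace($bt, $ignoredFunctions = null) {
 array_shift($bt);
 }
+ // Filter out arguments
+ foreach($bt as $i => $frame) {
+ $match = false;
+ if(@$bt[$i]['class']) {
+ foreach(self::$ignore_function_args as $fnSpec) {
+ if(is_array($fnSpec) && $bt[$i]['class'] == $fnSpec[0] && $bt[$i]['function'] == $fnSpec[1]) $match = true;
+ }
+ } else {
+ if(in_array($bt[$i]['function'], self::$ignore_function_args)) $match = true;
+ }
+ if($match) {
+ foreach($bt[$i]['args'] as $j => $arg) $bt[$i]['args'][$j] = '<filtered>';
+ }
+ }
+
 return $bt;
 }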
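Review bot: The class check in the argument filter compares `$bt[$i]['class']` for exact equality with the listed name, so a subclass that overrides one of these methods (for example a project-specific PasswordEncryptor or Member subclass) appears under its own class name and its arguments stay in the trace unfiltered. Matching descendants as well would close that gap: `if(is_array($fnSpec) && ($bt[$i]['class'] == $fnSpec[0] || is_subclass_of($bt[$i]['class'], $fnSpec[0])) && $bt[$i]['function'] == $fnSpec[1]) $match = true;`. Separately, the inner `foreach` reads `$bt[$i]['args']` without checking that the key exists, which raises a warning on frames that carry no args; `if($match && isset($bt[$i]['args'])) {` avoids that inside error-handling code. filter_backtrace() begins outside this hunk, so its callers and the earlier function filtering were not reviewed.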
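--- a/tests/dev/BacktraceTest.php
+++ b/tests/dev/BacktraceTest.php
@@ -0,0 +1,48 @@
+<?php
+/**
+ * @package sapphire
+ * @subpackage tests
+ */
+class BacktraceTest extends SapphireTest {
+
+ function testIgnoredFunctionArgs() {
+ $orig = SS_Backtrace::$ignore_function_args;
+
+ $bt = array(
+ array(
+ 'type' => '->',
+ 'file' => 'MyFile.php',
+ 'line' => 99,
+ 'function' => 'myIgnoredGlobalFunction',
+ 'args' => array('password' => 'secred',)
+ ),
+ array(
+ 'class' => 'MyClass',
+ 'type' => '->',
+ 'file' => 'MyFile.php',
+ 'line' => 99,
+ 'function' => 'myIgnoredClassFunction',
+ 'args' => array('password' => 'secred',)
+ ),
+ array(
+ 'class' => 'MyClass',
+ 'type' => '->',
+ 'file' => 'MyFile.php',
+ 'line' => 99,
+ 'function' => 'myFunction',
+ 'args' => array('myarg' => 'myval')
+ )
+ );
+ SS_Backtrace::$ignore_function_args[] = array('MyClass', 'myIgnoredClassFunction');
+ SS_Backtrace::$ignore_function_args[] = 'myIgnoredGlobalFunction';
+
+ $filtered = SS_Backtrace::filter_backtrace($bt);
+
+ $this->assertEquals('<filtered>', $filtered[0]['args']['password'], 'Filters global functions');
+ $this->assertEquals('<filtered>', $filtered[1]['args']['password'], 'Filters class functions');
+ $this->assertEquals('myval', $filtered[2]['args']['myarg'], 'Doesnt filter other functions');
+
+ SS_Backtrace::$ignore_function_args = $orig;
+ }
+
+}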
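Review bot: The static `SS_Backtrace::$ignore_function_args` is restored only on the last line of testIgnoredFunctionArgs(), so a failing assertion leaves the two test entries in the shared list for every later test in the run. Saving the original value in `setUp()` and restoring it in `tearDown()` would keep that state clean regardless of the outcome. The fixture frames also use string-keyed `args`, whereas debug_backtrace() returns positional arrays; a frame such as `'args' => array('user', 'secret')` would exercise the shape the filter meets in practice.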