From 8703839eb142ba0414f4d84f885ff898c39d6786 Mon Sep 17 00:00:00 2001
From: Daniel Hensby
Date: Sat, 14 Jul 2018 19:30:29 +0100
Subject: [PATCH] FIX updateValidatePassword calls need to be masked from backtraces
---
 src/Dev/Backtrace.php | 6 ++++-
 tests/php/Dev/BacktraceTest.php | 41 +++++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+), 1 deletion(-)
diff --git a/src/Dev/Backtrace.php b/src/Dev/Backtrace.php
index 756945c52..daceca751 100644
--- a/src/Dev/Backtrace.php
+++ b/src/Dev/Backtrace.php
@@ -45,6 +45,7 @@ class Backtrace
 array('SilverStripe\\Security\\PasswordEncryptor_MySQLOldPassword', 'salt'),
 array('SilverStripe\\Security\\PasswordEncryptor_Blowfish', 'encrypt'),
 array('SilverStripe\\Security\\PasswordEncryptor_Blowfish', 'salt'),
+ array('*', 'updateValidatePassword'),
 );
 
 /**
@@ -106,7 +107,10 @@ class Backtrace
 $match = false;
 if (!empty($bt[$i]['class'])) {
 foreach ($ignoredArgs as $fnSpec) {
- if (is_array($fnSpec) && $bt[$i]['class'] == $fnSpec[0] && $bt[$i]['function'] == $fnSpec[1]) {
+ if (is_array($fnSpec) &&
+ ('*' == $fnSpec[0] || $bt[$i]['class'] == $fnSpec[0]) &&
+ $bt[$i]['function'] == $fnSpec[1]
+ ) {
 $match = true;
 }
 }
diff --git a/tests/php/Dev/BacktraceTest.php b/tests/php/Dev/BacktraceTest.php
index 8a7f476f8..c10e47e79 100644
--- a/tests/php/Dev/BacktraceTest.php
+++ b/tests/php/Dev/BacktraceTest.php
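Review bot: The new `array('*', 'updateValidatePassword')` entry uses a wildcard class that nothing next to it explains; a comment above it such as `// '*' as the class masks this method on any class` would tell the next maintainer why it differs from the class-qualified entries. Matching is by method name alone, so every method with this name is masked regardless of class, which errs on the safe side for a password argument. If the hook is invoked through a generic dispatcher that receives the same arguments, that dispatcher's frame would not match this entry and could still show the password; that call path is not visible here and is worth confirming. The array's declaration and doc comment start outside the hunk.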
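Review bot: The `'*'` check is only reached inside `if (!empty($bt[$i]['class']))`, so in this branch a wildcard spec never masks a class-less function of the same name; a comment on the condition, e.g. `// '*' matches any class, but only for frames that have a class`, would record that limit. The comparisons are also loose; both sides are expected to be strings, so `('*' === $fnSpec[0] || $bt[$i]['class'] === $fnSpec[0]) &&` and `$bt[$i]['function'] === $fnSpec[1]` state the intent without relying on type juggling. The enclosing loop and method start and end outside the hunk.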
@@ -68,4 +68,45 @@ class BacktraceTest extends SapphireTest
 $this->assertEquals('', $filtered[1]['args']['password'], 'Filters class functions');
 $this->assertEquals('myval', $filtered[2]['args']['myarg'], 'Doesnt filter other functions');
 }
+
+ public function testFilteredWildCard()
+ {
+ $bt = array(
+ array(
+ 'type' => '->',
+ 'file' => 'MyFile.php',
+ 'line' => 99,
+ 'function' => 'myIgnoredGlobalFunction',
+ 'args' => array('password' => 'secred',)
+ ),
+ array(
+ 'class' => 'MyClass',
+ 'type' => '->',
+ 'file' => 'MyFile.php',
+ 'line' => 99,
+ 'function' => 'myIgnoredClassFunction',
+ 'args' => array('password' => 'secred',)
+ ),
+ array(
+ 'class' => 'MyClass',
+ 'type' => '->',
+ 'file' => 'MyFile.php',
+ 'line' => 99,
+ 'function' => 'myFunction',
+ 'args' => array('myarg' => 'myval')
+ )
+ );
+ Backtrace::config()->update(
+ 'ignore_function_args',
+ array(
+ array('*', 'myIgnoredClassFunction'),
+ )
+ );
+
+ $filtered = Backtrace::filter_backtrace($bt);
+
+ $this->assertEquals('secred', $filtered[0]['args']['password']);
+ $this->assertEquals('', $filtered[1]['args']['password']);
+ $this->assertEquals('myval', $filtered[2]['args']['myarg']);
+ }
 }
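Review bot: The first frame does not exercise the wildcard boundary: its function is `myIgnoredGlobalFunction`, which no spec in this test names, so the `'secred'` assertion on `$filtered[0]` passes whether or not `'*'` applies to frames without a class. Naming that class-less frame `'function' => 'myIgnoredClassFunction'` would make the assertion pin the intended behaviour. The three assertions also drop the failure messages the preceding test uses; adding ones such as `'Wildcard filters class functions'` would keep failures readable.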