tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #8263 from dhensby/pulls/4.1/mask-backtrace

Browse Source 
FIX updateValidatePassword calls need to be masked from backtraces
This commit is contained in:
Loz Calver 2018-07-16 10:30:22 +01:00 committed by GitHub
commit 106ca6643a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 46 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/Dev/Backtrace.php
View File

@ -45,6 +45,7 @@ class Backtrace
array('SilverStripe\\Security\\PasswordEncryptor_MySQLOldPassword', 'salt'), array('SilverStripe\\Security\\PasswordEncryptor_MySQLOldPassword', 'salt'),
array('SilverStripe\\Security\\PasswordEncryptor_Blowfish', 'encrypt'), array('SilverStripe\\Security\\PasswordEncryptor_Blowfish', 'encrypt'),
array('SilverStripe\\Security\\PasswordEncryptor_Blowfish', 'salt'), array('SilverStripe\\Security\\PasswordEncryptor_Blowfish', 'salt'),
array('*', 'updateValidatePassword'),
); );
/** /**
@ -106,7 +107,10 @@ class Backtrace
$match = false; $match = false;
if (!empty($bt[$i]['class'])) { if (!empty($bt[$i]['class'])) {
foreach ($ignoredArgs as $fnSpec) { foreach ($ignoredArgs as $fnSpec) {
if (is_array($fnSpec) && $bt[$i]['class'] == $fnSpec[0] && $bt[$i]['function'] == $fnSpec[1]) { if (is_array($fnSpec) &&
('*' == $fnSpec[0] || $bt[$i]['class'] == $fnSpec[0]) &&
$bt[$i]['function'] == $fnSpec[1]
) {
$match = true; $match = true;
} }
} }

41
tests/php/Dev/BacktraceTest.php
View File

@ -68,4 +68,45 @@ class BacktraceTest extends SapphireTest
$this->assertEquals('<filtered>', $filtered[1]['args']['password'], 'Filters class functions'); $this->assertEquals('<filtered>', $filtered[1]['args']['password'], 'Filters class functions');
$this->assertEquals('myval', $filtered[2]['args']['myarg'], 'Doesnt filter other functions'); $this->assertEquals('myval', $filtered[2]['args']['myarg'], 'Doesnt filter other functions');
} }
public function testFilteredWildCard()
{
$bt = array(
array(
'type' => '->',
'file' => 'MyFile.php',
'line' => 99,
'function' => 'myIgnoredGlobalFunction',
'args' => array('password' => 'secred',)
),
array(
'class' => 'MyClass',
'type' => '->',
'file' => 'MyFile.php',
'line' => 99,
'function' => 'myIgnoredClassFunction',
'args' => array('password' => 'secred',)
),
array(
'class' => 'MyClass',
'type' => '->',
'file' => 'MyFile.php',
'line' => 99,
'function' => 'myFunction',
'args' => array('myarg' => 'myval')
)
);
Backtrace::config()->update(
'ignore_function_args',
array(
array('*', 'myIgnoredClassFunction'),
)
);
$filtered = Backtrace::filter_backtrace($bt);
$this->assertEquals('secred', $filtered[0]['args']['password']);
$this->assertEquals('<filtered>', $filtered[1]['args']['password']);
$this->assertEquals('myval', $filtered[2]['args']['myarg']);
}
} }