FIX updateValidatePassword calls need to be masked from backtraces

2024-10-22 14:05:37 +02:00 · 2018-07-14 19:30:29 +01:00 · 2018-07-14 19:30:29 +01:00 · e37b3b95f4
commit e37b3b95f4
parent ab942c9290
2 changed files with 46 additions and 1 deletions
--- a/src/Dev/Backtrace.php
+++ b/src/Dev/Backtrace.php
@ -45,6 +45,7 @@ class Backtrace
        array('SilverStripe\\Security\\PasswordEncryptor_MySQLOldPassword', 'salt'),
        array('SilverStripe\\Security\\PasswordEncryptor_Blowfish', 'encrypt'),
        array('SilverStripe\\Security\\PasswordEncryptor_Blowfish', 'salt'),
+        array('*', 'updateValidatePassword'),
    );

    /**
@ -106,7 +107,10 @@ class Backtrace
            $match = false;
            if (!empty($bt[$i]['class'])) {
                foreach ($ignoredArgs as $fnSpec) {
-                    if (is_array($fnSpec) && $bt[$i]['class'] == $fnSpec[0] && $bt[$i]['function'] == $fnSpec[1]) {
+                    if (is_array($fnSpec) &&
+                        ('*' == $fnSpec[0] || $bt[$i]['class'] == $fnSpec[0]) &&
+                        $bt[$i]['function'] == $fnSpec[1]
+                    ) {
                        $match = true;
                    }
                }
--- a/tests/php/Dev/BacktraceTest.php
+++ b/tests/php/Dev/BacktraceTest.php
@ -68,4 +68,45 @@ class BacktraceTest extends SapphireTest
        $this->assertEquals('<filtered>', $filtered[1]['args']['password'], 'Filters class functions');
        $this->assertEquals('myval', $filtered[2]['args']['myarg'], 'Doesnt filter other functions');
    }
+
+    public function testFilteredWildCard()
+    {
+        $bt = array(
+            array(
+                'type' => '->',
+                'file' => 'MyFile.php',
+                'line' => 99,
+                'function' => 'myIgnoredGlobalFunction',
+                'args' => array('password' => 'secred',)
+            ),
+            array(
+                'class' => 'MyClass',
+                'type' => '->',
+                'file' => 'MyFile.php',
+                'line' => 99,
+                'function' => 'myIgnoredClassFunction',
+                'args' => array('password' => 'secred',)
+            ),
+            array(
+                'class' => 'MyClass',
+                'type' => '->',
+                'file' => 'MyFile.php',
+                'line' => 99,
+                'function' => 'myFunction',
+                'args' => array('myarg' => 'myval')
+            )
+        );
+        Backtrace::config()->update(
+            'ignore_function_args',
+            array(
+                array('*', 'myIgnoredClassFunction'),
+            )
+        );
+
+        $filtered = Backtrace::filter_backtrace($bt);
+
+        $this->assertEquals('secred', $filtered[0]['args']['password']);
+        $this->assertEquals('<filtered>', $filtered[1]['args']['password']);
+        $this->assertEquals('myval', $filtered[2]['args']['myarg']);
+    }
 }