mirror/php-monolog
1
0
Fork 0
mirror of https://github.com/Seldaek/monolog.git synced 2025-10-23 09:36:11 +02:00
Code Issues Releases Wiki Activity

Avoid information leaks through call_user_func arguments, fixes #1138

Browse Source
This commit is contained in:
Jordi Boggiano
2018-06-18 17:21:54 +02:00
parent 57a8a172e5
commit 3e92b08956
2 changed files with 43 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/Monolog/Formatter/NormalizerFormatter.php
View File

@@ -151,9 +151,20 @@ class NormalizerFormatter implements FormatterInterface
if (isset($frame['file'])) {
$data['trace'][] = $frame['file'].':'.$frame['line'];
} elseif (isset($frame['function']) && $frame['function'] === '{closure}') {
// We should again normalize the frames, because it might contain invalid items
// Simplify closures handling
$data['trace'][] = $frame['function'];
} else {
if (isset($frame['args'])) {
// Make sure that objects present as arguments are not serialized nicely but rather only
// as a class name to avoid any unexpected leak of sensitive information
$frame['args'] = array_map(function ($arg) {
if (is_object($arg) && !($arg instanceof \DateTime || $arg instanceof \DateTimeInterface)) {
return sprintf("[object] (%s)", get_class($arg));
}
return $arg;
}, $frame['args']);
}
// We should again normalize the frames, because it might contain invalid items
$data['trace'][] = $this->toJson($this->normalize($frame), true);
}