From c582a6e7918e20d9ebcc30e8aa35bb74f8b5cc3b Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Wed, 22 Jun 2016 14:28:38 +0200 Subject: [PATCH 1/2] Add a test for references normalization This is an issue in particular when $GLOBALS gets stuck into $context --- tests/Monolog/Formatter/NormalizerFormatterTest.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/Monolog/Formatter/NormalizerFormatterTest.php b/tests/Monolog/Formatter/NormalizerFormatterTest.php index 83adb7e2..24f3222e 100644 --- a/tests/Monolog/Formatter/NormalizerFormatterTest.php +++ b/tests/Monolog/Formatter/NormalizerFormatterTest.php @@ -166,6 +166,15 @@ class NormalizerFormatterTest extends \PHPUnit_Framework_TestCase $this->assertEquals(@json_encode(array($foo, $bar)), $res); } + public function testCanNormalizeReferences() + { + $formatter = new NormalizerFormatter(); + $x = ['foo' => 'bar']; + $y = ['x' => &$x]; + $x['y'] = &$y; + $formatter->format($y); + } + public function testIgnoresInvalidTypes() { // set up the recursion From 50232e7bb40ebd02293a8fd815b45d4c0eaf1aed Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Wed, 22 Jun 2016 14:36:16 +0200 Subject: [PATCH 2/2] Introduce a depth parameter for normalization to limit stack nesting --- src/Monolog/Formatter/JsonFormatter.php | 8 ++++++-- src/Monolog/Formatter/NormalizerFormatter.php | 8 ++++++-- src/Monolog/Formatter/WildfireFormatter.php | 4 ++-- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/src/Monolog/Formatter/JsonFormatter.php b/src/Monolog/Formatter/JsonFormatter.php index 06e9d13d..b0f1795a 100644 --- a/src/Monolog/Formatter/JsonFormatter.php +++ b/src/Monolog/Formatter/JsonFormatter.php @@ -135,8 +135,12 @@ class JsonFormatter extends NormalizerFormatter * * @return mixed */ - protected function normalize($data) + protected function normalize($data, $depth = 0) { + if ($depth > 9) { + return 'Over 9 levels deep, aborting normalization'; + } + if (is_array($data) || $data instanceof \Traversable) { $normalized = array(); @@ -146,7 +150,7 @@ class JsonFormatter extends NormalizerFormatter $normalized['...'] = 'Over 1000 items, aborting normalization'; break; } - $normalized[$key] = $this->normalize($value); + $normalized[$key] = $this->normalize($value, $depth+1); } return $normalized; diff --git a/src/Monolog/Formatter/NormalizerFormatter.php b/src/Monolog/Formatter/NormalizerFormatter.php index a76e2aed..801231e3 100644 --- a/src/Monolog/Formatter/NormalizerFormatter.php +++ b/src/Monolog/Formatter/NormalizerFormatter.php @@ -55,8 +55,12 @@ class NormalizerFormatter implements FormatterInterface return $records; } - protected function normalize($data) + protected function normalize($data, $depth = 0) { + if ($depth > 9) { + return 'Over 9 levels deep, aborting normalization'; + } + if (null === $data || is_scalar($data)) { if (is_float($data)) { if (is_infinite($data)) { @@ -79,7 +83,7 @@ class NormalizerFormatter implements FormatterInterface $normalized['...'] = 'Over 1000 items, aborting normalization'; break; } - $normalized[$key] = $this->normalize($value); + $normalized[$key] = $this->normalize($value, $depth+1); } return $normalized; diff --git a/src/Monolog/Formatter/WildfireFormatter.php b/src/Monolog/Formatter/WildfireFormatter.php index 654710a8..65dba99c 100644 --- a/src/Monolog/Formatter/WildfireFormatter.php +++ b/src/Monolog/Formatter/WildfireFormatter.php @@ -102,12 +102,12 @@ class WildfireFormatter extends NormalizerFormatter throw new \BadMethodCallException('Batch formatting does not make sense for the WildfireFormatter'); } - protected function normalize($data) + protected function normalize($data, $depth = 0) { if (is_object($data) && !$data instanceof \DateTime) { return $data; } - return parent::normalize($data); + return parent::normalize($data, $depth); } }