Merge branch 'develop-olympus' into develop

* develop-olympus: [ticket/10370] Add function documentation for get_stacktrace(). [ticket/10370] Explain that we are not the ones hiding backtrace pieces. [ticket/10370] Call htmlspecialchars() after phpbb_filter_root_path(). [ticket/10370] Add require_once to whitelisted functions. [ticket/10370] Use single string instead of an array for arguments. [ticket/10370] Ease up code checking for arguments of include etc. [ticket/10370] Use unset() on the first backtrace instead of checking in loop. [ticket/10370] Use phpbb_filter_root_path() in get_backtrace().
2025-05-08 16:45:19 +02:00 · 2011-09-19 17:54:53 +02:00 · 2011-09-19 17:54:53 +02:00 · f31d32dd89
commit f31d32dd89
parent d0f5b527fe cc2ecc9171
1 changed files with 20 additions and 37 deletions
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@ -3156,61 +3156,44 @@ function add_log()
 }
 /**
-* Return a nicely formatted backtrace (parts from the php manual by diz at ysagoon dot com)
+* Return a nicely formatted backtrace.
 *
 * Turns the array returned by debug_backtrace() into HTML markup.
 * Also filters out absolute paths to phpBB root.
 *
 * @return string	HTML markup
 */
 function get_backtrace()
 {
 	global $phpbb_root_path;
 	$output = '<div style="font-family: monospace;">';
 	$backtrace = debug_backtrace();
 	$path = phpbb_realpath($phpbb_root_path);
 	foreach ($backtrace as $number => $trace)
 	{
 	// We skip the first one, because it only shows this file/function
-		if ($number == 0)
+	unset($backtrace[0]);
 		{
 			continue;
 		}
 	foreach ($backtrace as $trace)
 	{
 		// Strip the current directory from path
-		if (empty($trace['file']))
+		$trace['file'] = (empty($trace['file'])) ? '(not given by php)' : htmlspecialchars(phpbb_filter_root_path($trace['file']));
-		{
+		$trace['line'] = (empty($trace['line'])) ? '(not given by php)' : $trace['line'];
 			$trace['file'] = '';
 		}
 		else
 		{
 			$trace['file'] = str_replace(array($path, '\\'), array('', '/'), $trace['file']);
 			$trace['file'] = substr($trace['file'], 1);
 		}
 		$args = array();
-		// If include/require/include_once is not called, do not show arguments - they may contain sensible information
+		// Only show function arguments for include etc.
-		if (!in_array($trace['function'], array('include', 'require', 'include_once')))
+		// Other parameters may contain sensible information
 		$argument = '';
 		if (!empty($trace['args'][0]) && in_array($trace['function'], array('include', 'require', 'include_once', 'require_once')))
 		{
-			unset($trace['args']);
+			$argument = htmlspecialchars(phpbb_filter_root_path($trace['args'][0]));
 		}
 		else
 		{
 			// Path...
 			if (!empty($trace['args'][0]))
 			{
 				$argument = htmlspecialchars($trace['args'][0]);
 				$argument = str_replace(array($path, '\\'), array('', '/'), $argument);
 				$argument = substr($argument, 1);
 				$args[] = "'{$argument}'";
 			}
 		}
 		$trace['class'] = (!isset($trace['class'])) ? '' : $trace['class'];
 		$trace['type'] = (!isset($trace['type'])) ? '' : $trace['type'];
 		$output .= '<br />';
-		$output .= '<b>FILE:</b> ' . htmlspecialchars($trace['file']) . '<br />';
+		$output .= '<b>FILE:</b> ' . $trace['file'] . '<br />';
 		$output .= '<b>LINE:</b> ' . ((!empty($trace['line'])) ? $trace['line'] : '') . '<br />';
-		$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function']) . '(' . ((sizeof($args)) ? implode(', ', $args) : '') . ')<br />';
+		$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function']);
 		$output .= '(' . (($argument !== '') ? "'$argument'" : '') . ')<br />';
 	}
 	$output .= '</div>';
 	return $output;