Index: DefaultHandler.php =================================================================== --- DefaultHandler.php (revision 49242) +++ DefaultHandler.php (working copy) @@ -80,7 +80,12 @@ protected static $output_type = null; + const REDACT_REPLACEMENT = '*********'; + protected static $redact_keys = array(); + + protected static $redact_values = array(); + const OUTPUTFORMAT_HTML = 'html'; const OUTPUTFORMAT_TEXT = 'text'; @@ -378,6 +383,9 @@ $output_array = array(); foreach ($arg as $key => $val) { + if (in_array($key, self::$redact_keys)) { + $val = self::REDACT_REPLACEMENT; + } if (is_scalar($val)) { $output_array[] = "'$key' => '$val'"; } else { @@ -394,6 +402,11 @@ } $level++; } + + if (count(self::$redact_values)>0) { + $output = str_replace(self::$redact_values, self::REDACT_REPLACEMENT, $output); + } + return $output; } @@ -403,16 +416,20 @@ $error = 'Date/Time: ' . date("D j M Y H:i:s (T)")."\n"; if (isset($_SERVER['HTTP_HOST'])) { + + $request_url = $_SERVER['REQUEST_URI']; + if (count(self::$redact_keys)>0) { + $request_url = preg_replace('@([\?&](?:' . implode('|', array_map('preg_quote', self::$redact_keys)) . ')=)([^\?&]*)@', '$1' . self::REDACT_REPLACEMENT, $request_url); + } + // Some environments (e.g. FastCGI with mod_fcgid) send the complete // URL including scheme in the REQUEST_URI variable - if (preg_match('|^[a-z]+://|i', $_SERVER['REQUEST_URI'])) { - $request_url = $_SERVER['REQUEST_URI']; - } else { + if (!preg_match('|^[a-z]+://|i', $request_url)) { $scheme = 'http'; if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == '1' || $_SERVER['HTTPS'] == 'on')) { $scheme = 'https'; } - $request_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; + $request_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . $request_url; } $error .= 'Request URL: ' . $request_url ."\n"; if (isset($_SERVER['REMOTE_HOST']) && !empty($_SERVER['REMOTE_HOST'])) { @@ -453,6 +470,9 @@ if (count($_POST) > 0) { $error .= "HTTP POST variables:\n"; foreach ($_POST as $variable => $value) { + if (in_array($variable, self::$redact_keys)) { + $value = self::REDACT_REPLACEMENT; + } // TODO: Iterate this properly for arrays with >2 dimensions... if (is_array($value)) { foreach($value as $array_key => $array_value) { @@ -476,11 +496,18 @@ if (isset($GLOBALS['argv'])) { $error .= "CLI arguments (argv):\n"; foreach ($GLOBALS['argv'] as $key => $val) { + if (in_array($key, self::$redact_keys)) { + $val = self::REDACT_REPLACEMENT; + } $error .= "$key => $val\n"; } } } + if (count(self::$redact_values)>0) { + $error = str_replace(self::$redact_values, self::REDACT_REPLACEMENT, $error); + } + return $error; } @@ -692,5 +719,27 @@ return false; } - + + /** + * Add a key which will be redacted in the case there is an error, all associative + * arrays will be checked for the key and the value will be redacted + * + * @param string $key - The key to redact + */ + public function addKeyToRedact($key) + { + self::$redact_keys[] = $key; + } + + /** + * Add a value which will be redacted in the case there is an error + * + * Example usecase hide a password when an error occurs during a login + * + * @param string $value - The value to redact + */ + public function addValueToRedact($value) + { + self::$redact_values[] = $value; + } }