Via HackerOne. We currently expose the daemon log in the web UI. The utility of doing this is large, but stack traces may occasionally contain too much information.

Instead of printing out function arguments in stack traces, just print out the types. This is at least as useful in most cases, and can't leak anything sensitive.

Also, when possible, canonicalize paths in stack traces relative to a known library. This makes them slightly more readable, and may reduce the number of researchers reporting full path disclosure via HackerOne.

Ran something like this:

function f() {
  throw new Exception("ABCDEF");
}

f("a", 1, null, false, (object)array(), array(), new PhutilJSON());

...and got this stack trace:

>>> orbital ~/devtools/libphutil $ ./scripts/test/prompt.php 
[2014-06-14 19:14:45] EXCEPTION: (Exception) ABCDEF at [<phutil>/scripts/test/prompt.php:8]
  #0 f(string, integer, NULL, boolean, stdClass, array, PhutilJSON) called at [<phutil>/scripts/test/prompt.php:11]