F18783955
D9540.diff
No One
Temporary
Size
2 KB
Referenced Files
None
Subscribers
None
D9540.diff
diff --git a/src/error/PhutilErrorHandler.php b/src/error/PhutilErrorHandler.php
--- a/src/error/PhutilErrorHandler.php
+++ b/src/error/PhutilErrorHandler.php
@@ -298,13 +298,22 @@
if (isset($entry['args'])) {
$args = array();
foreach ($entry['args'] as $arg) {
- $args[] = PhutilReadableSerializer::printShort($arg);
+
+ // NOTE: Print out object types, not values. Values sometimes contain
+ // sensitive information and are usually not particularly helpful
+ // for debugging.
+
+ $type = (gettype($arg) == 'object')
+ ? get_class($arg)
+ : gettype($arg);
+ $args[] = $type;
}
$line .= '('.implode(', ', $args).')';
}
if (isset($entry['file'])) {
- $line .= ' called at ['.$entry['file'].':'.$entry['line'].']';
+ $file = self::adjustFilePath($entry['file']);
+ $line .= ' called at ['.$file.':'.$entry['line'].']';
}
$result[] = $line;
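Review bot: `get_class($arg)` can still put a full path into the trace on PHP 7 and later, because the generated name of an anonymous class is `class@anonymous` followed by a NUL byte and the defining file's path and line. Cutting the class name at the first NUL keeps the type and drops the path and the stray byte: `$class = get_class($arg); $nul = strpos($class, "\0");` then `if ($nul !== false) { $class = substr($class, 0, $nul); }`. The type test itself reads more directly as `is_object($arg)` than as a string comparison on `gettype()`. The enclosing function starts and ends outside this hunk.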
@@ -357,7 +366,7 @@
'[%s] EXCEPTION: %s at [%s:%d]',
$timestamp,
$messages,
- self::getRootException($value)->getFile(),
+ self::adjustFilePath(self::getRootException($value)->getFile()),
self::getRootException($value)->getLine());
$metadata['default_message'] = $default_message;
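Review bot: Only the file argument of this log line goes through `adjustFilePath()`; `$messages` is still written as-is. Exception messages raised by filesystem or include failures commonly embed absolute paths, so the same disclosure may remain in the message text, though that depends on how `$messages` is built outside this hunk. Separately, `self::getRootException($value)` is now evaluated twice in one call; a local such as `$root_ex = self::getRootException($value);` above the format call would read more cleanly.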
@@ -404,4 +413,32 @@
}
}
+ public static function adjustFilePath($path) {
+ // Compute known library locations so we can emit relative paths if the
+ // file resides inside a known library. This is a little cleaner to read,
+ // and limits the number of false positives we get about full path
+ // disclosure via HackerOne.
+
+ $bootloader = PhutilBootloader::getInstance();
+ $libraries = $bootloader->getAllLibraries();
+ $roots = array();
+ foreach ($libraries as $library) {
+ $root = $bootloader->getLibraryRoot($library);
+ // For these libraries, the effective root is one level up.
+ switch ($library) {
+ case 'phutil':
+ case 'arcanist':
+ case 'phabricator':
+ $root = dirname($root);
+ break;
+ }
+
+ if (!strncmp($root, $path, strlen($root))) {
+ return '<'.$library.'>'.substr($path, strlen($root));
+ }
+ }
+
+ return $path;
+ }
+
}
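Review bot: The prefix test in `adjustFilePath()` has no directory boundary, so a root like `/srv/phabricator` also matches `/srv/phabricator-extensions/x.php` and yields `<phabricator>-extensions/x.php` (sample paths constructed for illustration). Comparing against the root plus a separator avoids the mislabel: `if (!strncmp($root.'/', $path, strlen($root) + 1)) {`. A path outside every known library is still returned in full, so a short docblock should state that this is a readability aid and not a guarantee that absolute paths never reach the log. `$roots = array();` is assigned but never read and can be dropped.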
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Oct 14 2025, 11:06 AM (12 w, 6 d ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
8916940
Default Alt Text
D9540.diff (2 KB)
Attached To
Mode
D9540: Reduce the amount of information leaked into stack traces
Attached