From c503400b20e16a99421dcce985e016f0f8067341 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 24 Mar 2009 08:51:23 +0000
Subject: [PATCH] Change format of backtrace to one without varibles.

This patch changes the backtrace format used when logging an error
to a format which doesn't include the variables passed to functions
in the output. This is done to avoid disclosing the password of the
user.


git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1439 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Utilities.php | 31 ++++++++++++++++++++-----------
 1 file changed, 20 insertions(+), 11 deletions(-)

diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index d41943ea8..e4b40bbae 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -325,24 +325,33 @@ class SimpleSAML_Utilities {
 
 
 	/**
-	 * This function dumps a backtrace to the error log.
+	 * Format a backtrace from an exception.
 	 *
-	 * The log is in the following form:
-	 *  BT: (0) <filename>:<line> (<current function>)
-	 *  BT: (1) <filename>:<line> (<previous fucntion>)
+	 * This function formats a backtrace from an exception in a simple format
+	 * which doesn't include the variables passed to functions.
+	 *
+	 * The bactrace has the following format:
+	 *  0: <filename>:<line> (<current function>)
+	 *  1: <filename>:<line> (<previous fucntion>)
 	 *  ...
-	 *  BT: (N) <filename>:<line> (N/A)
+	 *  N: <filename>:<line> (N/A)
 	 *
-	 * The log starts at the function which calls logBacktrace().
+	 * @param Exception $e  The exception we should format the backtrace for.
+	 * @param int $startDepth  The first frame we should include in the backtrace.
+	 * @return string  The formatted backtrace.
 	 */
-	public static function logBacktrace() {
+	public static function formatBacktrace(Exception $e, $startDepth = 0) {
+		assert('$e instanceof Exception');
+		assert('is_int($startDepth)');
 
-		$e = new Exception();
+		$trace = '';
 
-		$bt = self::buildBackTrace($e, 1);
+		$bt = self::buildBacktrace($e, $startDepth);
 		foreach($bt as $depth => $t) {
-			error_log('BT: (' . $depth . ') ' . $t);
+			$trace .= $depth . ': ' . $t . "\n";
 		}
+
+		return $trace;
 	}
 
 
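Review bot: Nothing in the new `formatBacktrace()` body states or enforces the property the commit relies on, that no call arguments reach the output: each `$t` is whatever `self::buildBacktrace()` returns, and that method is outside this hunk. I would record the contract where the frames are consumed, e.g. `// buildBacktrace() must yield only <file>:<line> (<function>) - never the frame's 'args'.` above the `foreach`, so a later change to the helper cannot quietly reintroduce argument values into logs. Separately, `assert('$e instanceof Exception');` repeats what the `Exception $e` type hint already guarantees and can be dropped. The public `logBacktrace()` is removed here, so any caller outside this diff has to be moved to the new method.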
@@ -506,7 +515,7 @@ class SimpleSAML_Utilities {
 
 		// Get the exception message if there is any exception provided.
 		$emsg   = (empty($e) ? 'No exception available' : $e->getMessage());
-		$etrace = (empty($e) ? 'No exception available' : $e->getTraceAsString()); 
+		$etrace = (empty($e) ? 'No exception available' : self::formatBacktrace($e));
 
 		if(!empty($errorcode) && count($parameters) > 0) {
 			$reptext = array();
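Review bot: `$emsg` on the line above the change is still taken straight from `$e->getMessage()`, so this path only stops disclosing values that arrived as call arguments; a message built from user input would presumably still travel wherever `$etrace` goes. If that is accepted, say so next to it, e.g. `// Exception messages are passed on verbatim - throwers must not put credentials or raw request values in them.` Also, `empty($e)` does not establish that `$e` is an `Exception`, while `formatBacktrace()` type-hints one, so `$e instanceof Exception` would be the tighter guard on both lines. The enclosing function starts and ends outside this hunk, so where `$emsg` and `$etrace` end up cannot be confirmed from here.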
-- 
GitLab