| author | Nils Adermann <naderman@naderman.de> | 2011-09-19 17:54:53 +0200 | 
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2011-09-19 17:54:53 +0200 | 
| commit | f31d32dd89e5d01e08f0ae09b43042377bfdfc0c (patch) | |
| tree | dc64572ebcf1d883a348bd2a3eb3044a78f017f1 | |
| parent | d0f5b527febe02063d0932bb9fb6ca6e893cd1f6 (diff) | |
| parent | cc2ecc9171a0bda2e770177c4b2775361aa5832b (diff) | |
Merge branch 'develop-olympus' into develop
* develop-olympus:
  [ticket/10370] Add function documentation for get_stacktrace().
  [ticket/10370] Explain that we are not the ones hiding backtrace pieces.
  [ticket/10370] Call htmlspecialchars() after phpbb_filter_root_path().
  [ticket/10370] Add require_once to whitelisted functions.
  [ticket/10370] Use single string instead of an array for arguments.
  [ticket/10370] Ease up code checking for arguments of include etc.
  [ticket/10370] Use unset() on the first backtrace instead of checking in loop.
  [ticket/10370] Use phpbb_filter_root_path() in get_backtrace().
| -rw-r--r-- | phpBB/includes/functions.php | 57 | 
1 files changed, 20 insertions, 37 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index a20e896126..94ae319b89 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -3156,61 +3156,44 @@ function add_log()
 }
 /**
-* Return a nicely formatted backtrace (parts from the php manual by diz at ysagoon dot com)
+* Return a nicely formatted backtrace.
+*
+* Turns the array returned by debug_backtrace() into HTML markup.
+* Also filters out absolute paths to phpBB root.
+*
+* @return string	HTML markup
 */
 function get_backtrace()
 {
-	global $phpbb_root_path;
-
 	$output = '<div style="font-family: monospace;">';
 	$backtrace = debug_backtrace();
-	$path = phpbb_realpath($phpbb_root_path);
-	foreach ($backtrace as $number => $trace)
-	{
-		// We skip the first one, because it only shows this file/function
-		if ($number == 0)
-		{
-			continue;
-		}
+	// We skip the first one, because it only shows this file/function
+	unset($backtrace[0]);
+	foreach ($backtrace as $trace)
+	{
 		// Strip the current directory from path
-		if (empty($trace['file']))
-		{
-			$trace['file'] = '';
-		}
-		else
-		{
-			$trace['file'] = str_replace(array($path, '\\'), array('', '/'), $trace['file']);
-			$trace['file'] = substr($trace['file'], 1);
-		}
-		$args = array();
+		$trace['file'] = (empty($trace['file'])) ? '(not given by php)' : htmlspecialchars(phpbb_filter_root_path($trace['file']));
+		$trace['line'] = (empty($trace['line'])) ? '(not given by php)' : $trace['line'];
-		// If include/require/include_once is not called, do not show arguments - they may contain sensible information
-		if (!in_array($trace['function'], array('include', 'require', 'include_once')))
+		// Only show function arguments for include etc.
+		// Other parameters may contain sensible information
+		$argument = '';
+		if (!empty($trace['args'][0]) && in_array($trace['function'], array('include', 'require', 'include_once', 'require_once')))
 		{
-			unset($trace['args']);
-		}
-		else
-		{
-			// Path...
-			if (!empty($trace['args'][0]))
-			{
-				$argument = htmlspecialchars($trace['args'][0]);
-				$argument = str_replace(array($path, '\\'), array('', '/'), $argument);
-				$argument = substr($argument, 1);
-				$args[] = "'{$argument}'";
-			}
+			$argument = htmlspecialchars(phpbb_filter_root_path($trace['args'][0]));
 		}
 		$trace['class'] = (!isset($trace['class'])) ? '' : $trace['class'];
 		$trace['type'] = (!isset($trace['type'])) ? '' : $trace['type'];
 		$output .= '<br />';
-		$output .= '<b>FILE:</b> ' . htmlspecialchars($trace['file']) . '<br />';
+		$output .= '<b>FILE:</b> ' . $trace['file'] . '<br />';
 		$output .= '<b>LINE:</b> ' . ((!empty($trace['line'])) ? $trace['line'] : '') . '<br />';
-		$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function']) . '(' . ((sizeof($args)) ? implode(', ', $args) : '') . ')<br />';
+		$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function']);
+		$output .= '(' . (($argument !== '') ? "'$argument'" : '') . ')<br />';
 	}
 	$output .= '</div>';
 	return $output;
|
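Review bot: The `LINE:` output line, left as context, still guards with `(!empty($trace['line'])) ? $trace['line'] : ''`, but the added assignment above it already replaces an empty line with '(not given by php)', so that check can no longer be false; it could be reduced to `$output .= '<b>LINE:</b> ' . $trace['line'] . '<br />';`. The new docblock would also benefit from stating the disclosure contract the body implements, for example `* Arguments are shown only for include/require calls; paths are filtered through phpbb_filter_root_path() and then HTML-escaped.` phpbb_filter_root_path() is defined outside this hunk, so its behaviour when the root path cannot be resolved cannot be confirmed from here; it is worth checking that it does not fall back to returning the absolute path unchanged, since hiding that path is the stated purpose of the filter.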
