Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: $sensitiveDataInTrace does not work #7708

Closed
kenjis opened this issue Jul 14, 2023 · 3 comments · Fixed by #7725
Closed

Bug: $sensitiveDataInTrace does not work #7708

kenjis opened this issue Jul 14, 2023 · 3 comments · Fixed by #7725
Labels
bug Verified issues on the current code behavior or pull requests that will fix them

Comments

@kenjis
Copy link
Member

kenjis commented Jul 14, 2023
edited
Loading

PHP Version

8.1

CodeIgniter4 Version

4.3.6 and develop

CodeIgniter4 Installation Method

Git

Which operating systems have you tested for this bug?

macOS

Which server did you use?

cli-server (PHP built-in webserver)

Database

n/a

What happened?

1. APPPATH/Controllers/Home.php : 15   —  App\Controllers\Home->f ( arguments )                          

$obj     stdClass Object 
         (     
              [password] => ****************** 
         )

$array   Array 
         (     
              [password] => secret2 
         )

Steps to Reproduce

--- a/app/Config/Exceptions.php
+++ b/app/Config/Exceptions.php
@@ -49,7 +49,7 @@ class Exceptions extends BaseConfig
      * In order to specify 2 levels, use "/" to separate.
      * ex. ['server', 'setup/password', 'secret_token']
      */
-    public array $sensitiveDataInTrace = [];
+    public array $sensitiveDataInTrace = ['password'];
 
     /**
      * --------------------------------------------------------------------------
<?php

namespace App\Controllers;

class Home extends BaseController
{
    public function index()
    {
        $obj = (object) [
            'password' => 'secret1',
        ];

        $array = ['password' => 'secret2'];

        $this->f($obj, $array);
    }

    private function f($obj, $array)
    {
        foo($obj, $array);
    }
}

Expected Output

The array's password value should also be ******************.

Anything else?

If I set $sensitiveDataInTrace = ['file'], I get the following error:

Fatal error: Uncaught TypeError: Cannot assign string to property Config\Cache::$file of type array in .../CodeIgniter4/system/Debug/Exceptions.php on line 325

Ref #4550
@kenjis kenjis added the bug Verified issues on the current code behavior or pull requests that will fix them label Jul 14, 2023
@ping-yee
Copy link
Contributor

ping-yee commented Jul 15, 2023
edited
Loading

image

It even doesn't be handled in object in my side, do I get the result of reproduce in the wrong place?

@kenjis
Copy link
Member Author

kenjis commented Jul 21, 2023 

<?php

namespace App\Controllers;

class Home extends BaseController
{
    public function index()
    {
        $obj = (object) [
            'default' => ['password' => 'secret1'],
        ];

        $array = ['password' => 'secret2'];

        $this->f($obj, $array);
    }

    private function f($obj, $array)
    {
        foo($obj, $array);
    }
}

Screenshot 2023-07-21 13 43 13

@kenjis kenjis mentioned this issue Jul 21, 2023
Merged
5 tasks
@kenjis
Copy link
Member Author

kenjis commented Jul 21, 2023

@ping-yee What do you mean?
Try #7725

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Verified issues on the current code behavior or pull requests that will fix them
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: $sensitiveDataInTrace does not work kenjis/CodeIgniter4
2 participants
@kenjis @ping-yee