diff options
author | zotlabs <mike@macgirvin.com> | 2018-06-25 13:20:12 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2018-06-25 13:20:12 -0700 |
commit | f66fb8e2a866f5ad638f34385cf6c24da7419c1b (patch) | |
tree | 84014ac92f3b8f66f078deb759cafca5700231c3 /include/text.php | |
parent | 4866ed52836028008af795da65faa2c0cd6e5df2 (diff) | |
download | volse-hubzilla-f66fb8e2a866f5ad638f34385cf6c24da7419c1b.tar.gz volse-hubzilla-f66fb8e2a866f5ad638f34385cf6c24da7419c1b.tar.bz2 volse-hubzilla-f66fb8e2a866f5ad638f34385cf6c24da7419c1b.zip |
SECURITY: logging: hash the session_id in case somebody posts log snippets from active sessions; also provide a hashed process_id if using a daemon process (with no session) for easier tracking of related log events
Diffstat (limited to 'include/text.php')
-rw-r--r-- | include/text.php | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/include/text.php b/include/text.php index 8bade6e90..7d62895bd 100644 --- a/include/text.php +++ b/include/text.php @@ -665,7 +665,7 @@ function logger($msg, $level = LOGGER_NORMAL, $priority = LOG_INFO) { $stack = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2); $where = basename($stack[0]['file']) . ':' . $stack[0]['line'] . ':' . $stack[1]['function'] . ': '; - $s = datetime_convert('UTC','UTC', 'now', ATOM_TIME) . ':' . log_priority_str($priority) . ':' . session_id() . ':' . $where . $msg . PHP_EOL; + $s = datetime_convert('UTC','UTC', 'now', ATOM_TIME) . ':' . log_priority_str($priority) . ':' . logid() . ':' . $where . $msg . PHP_EOL; $pluginfo = array('filename' => $logfile, 'loglevel' => $level, 'message' => $s,'priority' => $priority, 'logged' => false); if(! (App::$module == 'setup')) @@ -675,6 +675,13 @@ function logger($msg, $level = LOGGER_NORMAL, $priority = LOG_INFO) { @file_put_contents($pluginfo['filename'], $pluginfo['message'], FILE_APPEND); } +function logid() { + $x = session_id(); + if(! $x) + $x = getmypid(); + return hash('crc32',$x); +} + /** * @brief like logger() but with a function backtrace to pinpoint certain classes * of problems which show up deep in the calling stack. @@ -693,7 +700,7 @@ function btlogger($msg, $level = LOGGER_NORMAL, $priority = LOG_INFO) { if(file_exists(BTLOGGER_DEBUG_FILE) && is_writable(BTLOGGER_DEBUG_FILE)) { $stack = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2); $where = basename($stack[0]['file']) . ':' . $stack[0]['line'] . ':' . $stack[1]['function'] . ': '; - $s = datetime_convert('UTC','UTC', 'now', ATOM_TIME) . ':' . log_priority_str($priority) . ':' . session_id() . ':' . $where . $msg . PHP_EOL; + $s = datetime_convert('UTC','UTC', 'now', ATOM_TIME) . ':' . log_priority_str($priority) . ':' . logid() . ':' . $where . $msg . PHP_EOL; @file_put_contents(BTLOGGER_DEBUG_FILE, $s, FILE_APPEND); } @@ -764,7 +771,7 @@ function dlogger($msg, $level = 0) { $where = basename($stack[0]['file']) . ':' . $stack[0]['line'] . ':' . $stack[1]['function'] . ': '; - @file_put_contents($logfile, datetime_convert('UTC','UTC', 'now', ATOM_TIME) . ':' . session_id() . ' ' . $where . $msg . PHP_EOL, FILE_APPEND); + @file_put_contents($logfile, datetime_convert('UTC','UTC', 'now', ATOM_TIME) . ':' . logid() . ' ' . $where . $msg . PHP_EOL, FILE_APPEND); } |