SECURITY: logging: hash the session_id in case somebody posts log snippets from active sessions; also provide a hashed process_id if using a daemon process (with no session) for easier tracking of related log events
		| @@ -665,7 +665,7 @@ function logger($msg, $level = LOGGER_NORMAL, $priority = LOG_INFO) { | ||||
| 	$stack = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2); | ||||
| 	$where = basename($stack[0]['file']) . ':' . $stack[0]['line'] . ':' . $stack[1]['function'] . ': '; | ||||
|  | ||||
| 	$s = datetime_convert('UTC','UTC', 'now', ATOM_TIME) . ':' . log_priority_str($priority) . ':' . session_id() . ':' . $where . $msg . PHP_EOL; | ||||
| 	$s = datetime_convert('UTC','UTC', 'now', ATOM_TIME) . ':' . log_priority_str($priority) . ':' . logid() . ':' . $where . $msg . PHP_EOL; | ||||
| 	$pluginfo = array('filename' => $logfile, 'loglevel' => $level, 'message' => $s,'priority' => $priority, 'logged' => false); | ||||
|  | ||||
| 	if(! (App::$module == 'setup')) | ||||
| @@ -675,6 +675,13 @@ function logger($msg, $level = LOGGER_NORMAL, $priority = LOG_INFO) { | ||||
| 		@file_put_contents($pluginfo['filename'], $pluginfo['message'], FILE_APPEND); | ||||
| } | ||||
|  | ||||
| function logid() { | ||||
| 	$x = session_id(); | ||||
| 	if(! $x) | ||||
| 		$x = getmypid(); | ||||
| 	return hash('crc32',$x); | ||||
| } | ||||
|  | ||||
| /** | ||||
|  * @brief like logger() but with a function backtrace to pinpoint certain classes | ||||
|  * of problems which show up deep in the calling stack. | ||||
| @@ -693,7 +700,7 @@ function btlogger($msg, $level = LOGGER_NORMAL, $priority = LOG_INFO) { | ||||
| 	if(file_exists(BTLOGGER_DEBUG_FILE) && is_writable(BTLOGGER_DEBUG_FILE)) { | ||||
| 		$stack = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2); | ||||
| 		$where = basename($stack[0]['file']) . ':' . $stack[0]['line'] . ':' . $stack[1]['function'] . ': '; | ||||
| 		$s = datetime_convert('UTC','UTC', 'now', ATOM_TIME) . ':' . log_priority_str($priority) . ':' . session_id() . ':' . $where . $msg . PHP_EOL; | ||||
| 		$s = datetime_convert('UTC','UTC', 'now', ATOM_TIME) . ':' . log_priority_str($priority) . ':' . logid() . ':' . $where . $msg . PHP_EOL; | ||||
| 		@file_put_contents(BTLOGGER_DEBUG_FILE, $s, FILE_APPEND); | ||||
| 	} | ||||
|  | ||||
| @@ -764,7 +771,7 @@ function dlogger($msg, $level = 0) { | ||||
| 	$where = basename($stack[0]['file']) . ':' . $stack[0]['line'] . ':' . $stack[1]['function'] . ': '; | ||||
|  | ||||
|  | ||||
| 	@file_put_contents($logfile, datetime_convert('UTC','UTC', 'now', ATOM_TIME) . ':' . session_id() . ' ' . $where . $msg . PHP_EOL, FILE_APPEND); | ||||
| 	@file_put_contents($logfile, datetime_convert('UTC','UTC', 'now', ATOM_TIME) . ':' . logid() . ' ' . $where . $msg . PHP_EOL, FILE_APPEND); | ||||
| } | ||||
|  | ||||
|  | ||||
|   | ||||
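Review bot: In the new `logid()` the session id goes through `hash('crc32', $x)`, which is an unkeyed, linear 32-bit checksum rather than a one-way function. A posted log snippet therefore still discloses 32 bits' worth of constraints on a live session id, and unrelated sessions become likely to share a log id once there are tens of thousands of them. A keyed digest, truncated for readability, keeps the correlation value without either problem, e.g. `return substr(hash_hmac('sha256', (string) $x, $secret), 0, 8);`, where `$secret` is a placeholder for a per-installation secret that is not shown on this page. The `getmypid()` fallback shares the same output space as hashed session ids, so a marker prefix on that branch would let a reader tell daemon entries from session entries. A short `@brief` docblock in the style of the neighbouring functions would record that the value is a correlation token and not the raw id.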