
Only log the $_SERVER information under YII_DEBUG (#18707)

* Only log the $_SERVER information under YII_DEBUG

Since $_SERVER can contain sensitive information that could leak in CI pipelines, ideally it should happen under the YII_DEBUG flag only

* Added upgrade / changelog

* Corrected the upgrade information

* Update framework/UPGRADE.md

Co-authored-by: Alexander Makarov <sam@rmcreative.ru>

Co-authored-by: Bizley <pawel@positive.codes>
Co-authored-by: Alexander Makarov <sam@rmcreative.ru>
tags/2.0.43
Alexandru Bucur 3 years ago committed by GitHub
parent
commit
2fe03cd82c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. framework/CHANGELOG.md (1 changed line)
  2. framework/UPGRADE.md (5 changed lines)
  3. framework/base/ErrorHandler.php (2 changed lines)

1
framework/CHANGELOG.md

@ -12,6 +12,7 @@ Yii Framework 2 Change Log
- Enh #18676: Added method `yii\helpers\BaseFileHelper::changeOwnership()` and properties `newFileMode`/`newFileOwnership` in `yii\console\controllers\BaseMigrateController` (rhertogh)
- Bug #18678: Fix `yii\caching\DbCache` to use configured cache table name instead of the default one in case of MSSQL varbinary column type detection (aidanbek)
- Enh #18695: Added `yii\web\Cookie::SAME_SITE_NONE` constant (rhertogh)
- Enh #18707: Changed the base error handler to not expose `$_SERVER` details unless `YII_DEBUG` is enabled (coolgoose)
- Enh #18712: Added `$scheme` option to `yii\i18n\Formatter::asUrl()` (bizley)
- Bug #18648: Fix `yii\web\Request` to properly handle HTTP Basic Auth headers (olegbaturin)
- Enh #18726: Added `yii\helpers\Json::$prettyPrint` (rhertogh)
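Review bot: The #18707 entry says the handler will no longer "expose" `$_SERVER`, which reads as a change to the rendered error output, while the commit title and the `ErrorHandler.php` hunk are about what is appended to `$msg` before `error_log($msg)`. Suggest wording it as not writing `$_SERVER` details to the error log unless `YII_DEBUG` is enabled, so operators scanning the changelog know which output channel changed.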

5
framework/UPGRADE.md

@ -51,6 +51,11 @@ if you want to upgrade from version A to version C and there is
version B between A and C, you need to follow the instructions
for both A and B.
Upgrade from Yii 2.0.42
-----------------------
* `yii\base\ErrorHandler` does not expose the `$_SERVER` information implicitely anymore.
Upgrade from Yii 2.0.41
-----------------------
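Review bot: `implicitely` in the new bullet under "Upgrade from Yii 2.0.42" should be `implicitly`. The bullet also leaves out the condition and the remedy: it should say that `$_SERVER` is still appended to the logged message when `YII_DEBUG` is enabled, and tell anyone who relied on that data in production error logs that they now need to log it themselves.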

2
framework/base/ErrorHandler.php

@ -169,10 +169,10 @@ abstract class ErrorHandler extends Component
} else {
echo '<pre>' . htmlspecialchars($msg, ENT_QUOTES, Yii::$app->charset) . '</pre>';
}
$msg .= "\n\$_SERVER = " . VarDumper::export($_SERVER);
} else {
echo 'An internal server error occurred.';
}
$msg .= "\n\$_SERVER = " . VarDumper::export($_SERVER);
error_log($msg);
if (defined('HHVM_VERSION')) {
flush();
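Review bot: In the branch ahead of `} else {`, `VarDumper::export($_SERVER)` still appends the entire superglobal to `$msg` before `error_log($msg)`, so any run with debugging enabled (a CI job or staging host, the case the commit message names) keeps logging every environment variable and request header unfiltered. Consider masking the values of keys that commonly carry secrets, such as `HTTP_AUTHORIZATION`, `HTTP_COOKIE` and `PHP_AUTH_PW`, before the export. The commit touches three files and none is a test; a test asserting that the logged message omits `$_SERVER` in the non-debug branch would keep this from regressing.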
