I am creating logs for any time my system shows unexpected behavior that will not necessarily crash it, for example an improper access using an unknown token or an attempt to Force. My intention is to use a function similar to this:
// Appends the request data, the session data and the message to <filename>.log
function create_log( $filename, $log ) {
    file_put_contents(
        $filename.'.log',
        '[START]'.
        json_encode($_REQUEST).PHP_EOL.
        json_encode($_SESSION).PHP_EOL.
        "Log ".$log.PHP_EOL.'[END]'.PHP_EOL,
        FILE_APPEND
    );
}
That is, I save the information that came in the body of the request, whatever the method, and information from the current session. It turns out that there is some data that I would not like to save in this log, such as customer credit card data, the system login password, etc. So I'm thinking of a function that removes this information before calling the function create_log, and one that recreates that information so as not to slow the flow of my code if that information is still needed.
In an older version I used something similar:
function create_log( $filename, $log ) {
    unset_fields();
    file_put_contents(...);
    reset_fields();
}
function unset_fields(){
    $_SESSION["senha"] = $_REQUEST["senha"];
    unset($_REQUEST["senha"]);
}
function reset_fields(){
    $_REQUEST["senha"] = $_SESSION["senha"];
}
In other words, I used session variables as auxiliary variables, but now I also need to log information from the session of the client that is accessing the system, and in order to improve the code, I am trying something like:
$_REQUEST["remover"] = 5;
$_REQUEST["não remover"] = 5;
// request variable before removing the sensitive fields
var_dump($_REQUEST);
$arr = array("não existe", "remover");
unset_fields($arr);
// the file_put_contents call would go here
var_dump($_REQUEST);
reset_fields($arr);
// here I needed the global $_REQUEST back in its initial state
var_dump($_REQUEST);

function unset_fields(array $array){
    foreach($array as $val) {
        if(isset($_REQUEST[$val])){
            // keep the value in a variable named after the field
            ${$val} = $_REQUEST[$val];
            unset($_REQUEST[$val]);
        }
    }
}
function reset_fields(array $array){
    foreach($array as $val) {
        // restore the field if the auxiliary variable exists
        if(isset(${$val})){
            $_REQUEST[$val] = ${$val};
        }
    }
}
The code above prints:
array(2) {
  ["remover"]=>
  int(5)
  ["não remover"]=>
  int(5)
}
array(1) {
  ["não remover"]=>
  int(5)
}
array(1) {
  ["não remover"]=>
  int(5)
}
That is, my problem is in the scope of the variable created as auxiliary: it exists only within the function unset_fields, and yet if I make it "global" or define it as a constant, I run the risk of the variable conflicting with some other that already exists.
I just didn’t quite get why you save the sensitive information in the session when you will write it to the file the same way. You just moved it from $_REQUEST to $_SESSION, but both are recorded in the log, right? Besides, wouldn’t it be easier for you to copy the contents of these superglobals to local variables and filter those? That way you wouldn’t need to worry about recovering the initial context. – Woss
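The approach suggested in the comment above, as an added example that is not part of the original question or comment: mask the sensitive fields in a copy of the arrays, so $_REQUEST and $_SESSION are never modified and nothing has to be restored. The names SENSITIVE_KEYS, redact_fields and build_log_entry, the key list and the sample data are assumptions made for illustration.

```php
<?php
// Added example. SENSITIVE_KEYS, redact_fields() and build_log_entry()
// are hypothetical names; adjust the key list to the application's fields.
const SENSITIVE_KEYS = ['senha', 'password', 'card_number', 'cvv'];

// Return a copy of $data with sensitive values masked, at any nesting depth.
// PHP passes arrays by value, so the caller's array is never modified.
function redact_fields(array $data, array $keys = SENSITIVE_KEYS): array
{
    foreach ($data as $k => $v) {
        if (in_array(strtolower((string) $k), $keys, true)) {
            $data[$k] = '[REDACTED]';
        } elseif (is_array($v)) {
            $data[$k] = redact_fields($v, $keys); // e.g. payment[card_number]
        }
    }
    return $data;
}

// Same entry layout as create_log() in the question, built from redacted copies.
function build_log_entry(string $log, array $request, array $session): string
{
    return '[START]'
        . json_encode(redact_fields($request)) . PHP_EOL
        . json_encode(redact_fields($session)) . PHP_EOL
        . 'Log ' . $log . PHP_EOL . '[END]' . PHP_EOL;
}

function create_log(string $filename, string $log, array $request, array $session): void
{
    // LOCK_EX keeps concurrent requests from interleaving their entries.
    file_put_contents($filename . '.log',
        build_log_entry($log, $request, $session), FILE_APPEND | LOCK_EX);
}

// Constructed sample data standing in for $_REQUEST and $_SESSION.
$request = [
    'user'    => 'alice',
    'senha'   => 's3cret',
    'payment' => ['card_number' => '4111111111111111', 'cvv' => '123'],
];
$session = ['user_id' => 42, 'Senha' => 's3cret'];

echo build_log_entry('unknown token', $request, $session);
// The original array is intact, so later code can still read the password.
var_dump($request['senha'] === 's3cret');
// In the application: create_log('security', $msg, $_REQUEST, $_SESSION ?? []);
```

Because the key match is case-insensitive and recursive, a field such as `Senha` in the session or a nested `payment[cvv]` is masked as well; fields not on the list are logged as they are, so the list has to be kept in step with the forms.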