/** * Format the Source IP address, URL, URL parameters, and all form parameters * into a string suitable for the log file. The list of parameters to obfuscate * should be specified in order to prevent sensitive information from being * logged. If a NULL or empty list of parameters is provided, then all * parameters will be logged in the clear. If HTTP request logging is done in a * central place $paramsToObfuscate could be made a configuration parameter. We * include it here in case different parts of the application need to obfuscate * different parameters. * * @param SafeRequest $request Current Request object. * @param Auditor $auditor The auditor to write the request to. * @param array|NULL $paramsToObfuscate The sensitive parameters. */ public function logHTTPRequestObfuscate($request, $auditor, $paramsToObfuscate) { if ($request instanceof SafeRequest == false) { throw new InvalidArgumentException('logHTTPRequestObfuscate expects an instance of SafeRequest.'); } if ($auditor instanceof Auditor == false) { throw new InvalidArgumentException('logHTTPRequestObfuscate expects an instance of Auditor.'); } if ($paramsToObfuscate === null) { $paramsToObfuscate = array(); } elseif (!is_array($paramsToObfuscate)) { throw new InvalidArgumentException('logHTTPRequestObfuscate expects an array $paramsToObfuscate or null.'); } $msg = ''; $msg .= $request->getRemoteAddr(); if ($msg !== '') { $msg .= ' '; } $msg .= $request->getMethod(); if ($msg !== '') { $msg .= ' '; } $path = $request->getRequestURI() . $request->getPathInfo(); $msg .= $path; $params = $request->getParameterMap(); if ($path !== '' && sizeof($params, false) > 0) { $msg .= '?'; } elseif ($msg !== '') { $msg .= ' '; } $paramBuilder = array(); foreach ($params as $pName => $pValues) { foreach ($pValues as $pval) { $pair = ''; $pair .= "{$pName}"; if ($pval == '') { $paramBuilder[] = $pair; continue; } if (in_array($pName, $paramsToObfuscate, true)) { $pair .= '=********'; } else { $pair .= "={$pval}"; } $paramBuilder[] = $pair; } } $msg .= implode('&', $paramBuilder); $cookies = $request->getCookies(); $sessName = session_name(); foreach ($cookies as $cName => $cValue) { if ($cName !== $sessName) { $msg .= "+{$cName}={$cValue}"; } } $auditor->info(Auditor::SECURITY, true, $msg); }
/** * Test of SafeRequest::getPathInfo() with valid input. * * @return bool true True on Pass. */ function testGetPathInfoInputValid() { $req = new SafeRequest(array('env' => array('PATH_INFO' => '/foo'))); $result = $req->getPathInfo(); $this->assertInternalType('string', $result); $this->assertEquals('/foo', $result); }