This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
2 | |||
3 | /* |
||
4 | * This file is part of EC-CUBE |
||
5 | * |
||
6 | * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. |
||
7 | * |
||
8 | * http://www.lockon.co.jp/ |
||
9 | * |
||
10 | * This program is free software; you can redistribute it and/or |
||
11 | * modify it under the terms of the GNU General Public License |
||
12 | * as published by the Free Software Foundation; either version 2 |
||
13 | * of the License, or (at your option) any later version. |
||
14 | * |
||
15 | * This program is distributed in the hope that it will be useful, |
||
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
18 | * GNU General Public License for more details. |
||
19 | * |
||
20 | * You should have received a copy of the GNU General Public License |
||
21 | * along with this program; if not, write to the Free Software |
||
22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
||
23 | */ |
||
24 | |||
25 | namespace Eccube\Log\Monolog\Helper; |
||
26 | |||
27 | use Eccube\Entity\Customer; |
||
28 | use Eccube\Entity\Member; |
||
29 | use Eccube\Log\Monolog\Processor\IntrospectionProcessor; |
||
30 | use Eccube\Log\Monolog\Processor\WebProcessor; |
||
31 | use Monolog\Formatter\LineFormatter; |
||
32 | use Monolog\Handler\FingersCrossed\ErrorLevelActivationStrategy; |
||
33 | use Monolog\Handler\FingersCrossedHandler; |
||
34 | use Monolog\Handler\RotatingFileHandler; |
||
35 | use Monolog\Logger; |
||
36 | use Monolog\Processor\UidProcessor; |
||
37 | |||
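/**
 * Builds the Monolog handler stack for a log channel.
 *
 * Security-relevant behaviour:
 *  - the raw session id is never logged, only a truncated SHA-1 digest of it;
 *  - request-derived fields (URL, client IP, referrer, method, user agent) have
 *    ASCII control characters replaced before they reach the log file, so a
 *    crafted request value cannot start a new line or emit terminal escape
 *    sequences inside a log record.
 *
 * @package Eccube\Log\Monolog\Helper
 */
class LogHelper
{

    /** @var \Eccube\Application */
    protected $app;

    /**
     * LogHelper constructor.
     *
     * @param \Eccube\Application $app Application container; getHandler() reads
     *                                 'config', 'debug', 'session' and 'user' from it.
     */
    public function __construct($app)
    {
        $this->app = $app;
    }

    /**
     * Configures a handler according to the channel settings from log.yml.
     *
     * Every key missing from $channelValues falls back to the matching entry of
     * $app['config']['log'].
     *
     * @param array $channelValues Per-channel overrides (filename, delimiter, dateformat,
     *                             log_level, action_level, passthru_level, max_files,
     *                             log_dateformat, log_format).
     * @return FingersCrossedHandler
     */
    public function getHandler(array $channelValues)
    {
        $app = $this->app;

        // Logger::getLevels() maps level names to their numeric values.
        $levels = Logger::getLevels();

        // Read file name and related settings, falling back to the defaults.
        $logFileName = isset($channelValues['filename']) ? $channelValues['filename'] : $app['config']['log']['filename'];
        $delimiter = isset($channelValues['delimiter']) ? $channelValues['delimiter'] : $app['config']['log']['delimiter'];
        $dateFormat = isset($channelValues['dateformat']) ? $channelValues['dateformat'] : $app['config']['log']['dateformat'];
        $logLevel = isset($channelValues['log_level']) ? $channelValues['log_level'] : $app['config']['log']['log_level'];
        $actionLevel = isset($channelValues['action_level']) ? $channelValues['action_level'] : $app['config']['log']['action_level'];
        $passthruLevel = isset($channelValues['passthru_level']) ? $channelValues['passthru_level'] : $app['config']['log']['passthru_level'];
        $maxFiles = isset($channelValues['max_files']) ? $channelValues['max_files'] : $app['config']['log']['max_files'];
        $logDateFormat = isset($channelValues['log_dateformat']) ? $channelValues['log_dateformat'] : $app['config']['log']['log_dateformat'];
        $logFormat = isset($channelValues['log_format']) ? $channelValues['log_format'] : $app['config']['log']['log_format'];

        // Debug mode overrides the configured level and records everything.
        // NOTE(review): with debug enabled in production the log may hold far more
        // request detail than intended - confirm debug is off there.
        if ($app['debug']) {
            $level = Logger::DEBUG;
        } else {
            $level = $logLevel;
        }

        // Rotating file handler.
        // NOTE(review): $logFileName is concatenated into the path unchecked; it is
        // assumed to come only from trusted configuration (log.yml) and to contain
        // no directory separators - verify against the callers.
        $filename = $app['config']['root_dir'].'/app/log/'.$logFileName.'.log';
        $rotatingHandler = new RotatingFileHandler($filename, $maxFiles, $level);
        $rotatingHandler->setFilenameFormat(
            $logFileName.$delimiter.'{date}'.$app['config']['log']['suffix'],
            $dateFormat
        );

        // Line format comes from configuration. The third argument keeps inline line
        // breaks, so the message and context are still written verbatim; log
        // consumers should not treat every physical line as a separate record.
        $rotatingHandler->setFormatter(new LineFormatter($logFormat.PHP_EOL, $logDateFormat, true, true));

        // FingersCrossedHandler: buffer records until one reaches $actionLevel.
        // NOTE(review): an action/passthru level name that Monolog does not know
        // yields an undefined index here - confirm log.yml is validated elsewhere.
        $fingersCrossedHandler = new FingersCrossedHandler(
            $rotatingHandler,
            new ErrorLevelActivationStrategy($levels[$actionLevel]),
            0,
            true,
            true,
            $levels[$passthruLevel]
        );

        // Helpers that supply the extra fields written with every record.
        $webProcessor = new WebProcessor();
        $uidProcessor = new UidProcessor(8);

        // Replaces ASCII control characters (CR, LF, ESC, NUL, ...) with a space.
        // Non-string values such as null are returned untouched.
        $stripControlChars = function ($value) {
            if (!is_string($value)) {
                return $value;
            }

            return preg_replace('/[\x00-\x1F\x7F]/', ' ', $value);
        };

        $fingersCrossedHandler->pushProcessor(function ($record) use ($app, $uidProcessor, $webProcessor, $stripControlChars) {
            // Populate the custom placeholders used by the log format.

            $record['level_name'] = sprintf("%-5s", $record['level_name']);

            // Session and user identifiers; both stay null until the app is booted.
            $record['session_id'] = null;
            $record['user_id'] = null;
            if ($app->isBooted()) {
                if (isset($app['session'])) {
                    $sessionId = $app['session']->getId();
                    if ($sessionId) {
                        // Only a short digest is logged, never the session id itself, so
                        // read access to the log files does not hand out live sessions.
                        $record['session_id'] = substr(sha1($sessionId), 0, 8);
                    }
                }
                if (isset($app['user'])) {
                    $user = $app->user();
                    if ($user instanceof Customer || $user instanceof Member) {
                        $record['user_id'] = $user->getId();
                    }
                }
            }

            $record['uid'] = $uidProcessor->getUid();

            // These values are presumably taken from the incoming HTTP request and are
            // therefore client-controlled; strip control characters before logging.
            $record['url'] = $stripControlChars($webProcessor->getRequestUri());
            $record['ip'] = $stripControlChars($webProcessor->getClientIp());
            $record['referrer'] = $stripControlChars($webProcessor->getReferer());
            $record['method'] = $stripControlChars($webProcessor->getMethod());
            $record['user_agent'] = $stripControlChars($webProcessor->getUserAgent());

            // Keep the caller information, tolerating records without it.
            $extra = isset($record['extra']) ? $record['extra'] : array();
            $line = isset($extra['line']) ? $extra['line'] : null;
            $functionName = isset($extra['function']) ? $extra['function'] : null;
            // The class name is not available on PHP 5.3, so the file name is used instead.
            $className = isset($extra['file']) ? $extra['file'] : null;

            // Drop the raw introspection entries so they are not written twice.
            unset($record['extra']['file']);
            unset($record['extra']['line']);
            unset($record['extra']['class']);
            unset($record['extra']['function']);

            // Only the base name is logged, not the full server-side path.
            $record['class'] = pathinfo((string) $className, PATHINFO_FILENAME);
            $record['function'] = $functionName;
            $record['line'] = $line;

            return $record;
        });

        // Processor that resolves the calling class/function. The listed classes and
        // logging helper functions are skipped so the record names the real caller.
        $skipClasses = array('Psr\\Log\\', 'Eccube\\Log\\');
        $skipFunctions = array(
            'log_info',
            'log_notice',
            'log_warning',
            'log_error',
            'log_critical',
            'log_alert',
            'log_emergency'
        );
        $intro = new IntrospectionProcessor(Logger::DEBUG, $skipClasses, $skipFunctions);
        $fingersCrossedHandler->pushProcessor($intro);

        return $fingersCrossedHandler;

    }

}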
It seems like the type of the argument is not accepted by the function/method which you are calling.
In some cases, in particular if PHP’s automatic type juggling kicks in, this might be fine. In other cases, however, this might be a bug.
We suggest adding an explicit type cast, as in the following example: