[MediaWiki-commits] [Gerrit] monolog: Ensure that context data added by WebProcessor is u... - change (operations/mediawiki-config)

[jenkins-bot (Code Review)]

jenkins-bot has submitted this change and it was merged.

Change subject: monolog: Ensure that context data added by WebProcessor is 
utf-8 safe
......................................................................


monolog: Ensure that context data added by WebProcessor is utf-8 safe

Errors have been seen in the production logs related to the REQUEST_URI
and/or HTTP_REFERER data containing non utf-8 characters. These fields
are injected into the logging context using Monolog's WebProcessor
class. Use the optional constructor argument for WebProcessor to set our
own values for use and escape the values provided using htmlentities().

Change-Id: Ieb8c602a9b2f60437640d72533f8f0dce43eaad6
---
M wmf-config/logging.php
1 file changed, 16 insertions(+), 0 deletions(-)

Approvals:
  Ori.livneh: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/wmf-config/logging.php b/wmf-config/logging.php
index 4cf135a..4c11863 100644
--- a/wmf-config/logging.php
+++ b/wmf-config/logging.php
@@ -49,6 +49,22 @@
        ),
        'web' => array(
                'class' => '\\Monolog\\Processor\\WebProcessor',
+               'args' => array(
+                       function () {
+                               // Ensure that context data added by 
WebProcessor is utf-8
+                               // safe by applying htmlentities() encoding
+                               $keys = array( 'REQUEST_URI', 'REMOTE_ADDR', 
'REQUEST_METHOD', 'SERVER_NAME', 'HTTP_REFERER' );
+                               $serverData = array();
+                               foreach ( $keys as $key ) {
+                                       if ( isset( $_SERVER[$key] ) ) {
+                                               $serverData[$key] = 
htmlentities(
+                                                       $_SERVER[$key], 
ENT_NOQUOTES, 'UTF-8', false
+                                               );
+                                       }
+                               }
+                               return $serverData;
+                       }
+               ),
        ),
 );
 

-- 
To view, visit https://gerrit.wikimedia.org/r/251431
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ieb8c602a9b2f60437640d72533f8f0dce43eaad6
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: BryanDavis <bda...@wikimedia.org>
Gerrit-Reviewer: Chad <ch...@wikimedia.org>
Gerrit-Reviewer: Florianschmidtwelzow <florian.schmidt.stargatewis...@gmail.com>
Gerrit-Reviewer: Ori.livneh <o...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits