From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Fri, 17 Dec 2021 09:31:27 +0000 (+0100)
Subject: Fix the include family of "functions" in stack trace sanitization
X-Git-Tag: 5.4.10_dev_1~2
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=34ee24ef8dfa582733a5a5a6cf6d960cf57af9b3;p=GitHub%2FWoltLab%2FWCF.git

Fix the include family of "functions" in stack trace sanitization

`include` et al are not actual functions, but language constructs. For this
reason they cannot be reflected, causing their arguments to show as
`[error_during_sanitization]`. Fix this by special casing them to not run the
sanitization, they do not contain sensitive arguments (apart from the path
which is redacted independently later).
---

diff --git a/wcfsetup/install/files/lib/core.functions.php b/wcfsetup/install/files/lib/core.functions.php
index 848417b840..76a61eaf4c 100644
--- a/wcfsetup/install/files/lib/core.functions.php
+++ b/wcfsetup/install/files/lib/core.functions.php
@@ -717,7 +717,14 @@ EXPLANATION;
 			if (!isset($item['args'])) $item['args'] = [];
 
 			try {
-				if (!empty($item['args'])) {
+				$cannotBeReflected = !$item['class'] && \in_array($item['function'], [
+					'include',
+					'include_once',
+					'require',
+					'require_once',
+				]);
+
+				if (!empty($item['args']) && !$cannotBeReflected) {
 					if ($item['class']) {
 						$function = new \ReflectionMethod($item['class'], $item['function']);
 					}