From 34ee24ef8dfa582733a5a5a6cf6d960cf57af9b3 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Fri, 17 Dec 2021 10:31:27 +0100
Subject: [PATCH] Fix the include family of "functions" in stack trace sanitization
`include` et al are not actual functions, but language constructs. For this reason they cannot be reflected, causing their arguments to show as `[error_during_sanitization]`. Fix this by special casing them to not run the sanitization, they do not contain sensitive arguments (apart from the path which is redacted independently later).
---
 wcfsetup/install/files/lib/core.functions.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/wcfsetup/install/files/lib/core.functions.php b/wcfsetup/install/files/lib/core.functions.php
index 848417b840..76a61eaf4c 100644
--- a/wcfsetup/install/files/lib/core.functions.php
+++ b/wcfsetup/install/files/lib/core.functions.php
@@ -717,7 +717,14 @@ EXPLANATION;
 if (!isset($item['args'])) $item['args'] = [];
 try {
- if (!empty($item['args'])) {
+ $cannotBeReflected = !$item['class'] && \in_array($item['function'], [
+ 'include',
+ 'include_once',
+ 'require',
+ 'require_once',
+ ]);
+
+ if (!empty($item['args']) && !$cannotBeReflected) {
 if ($item['class']) {
 $function = new \ReflectionMethod($item['class'], $item['function']);
 }
--
2.20.1
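Review bot: The `\in_array()` call that computes `$cannotBeReflected` compares loosely, and a match there skips argument sanitization altogether, so it is the one path in this hunk that fails open instead of ending in `[error_during_sanitization]`. Closing the call with `], true);` keeps the bypass limited to frames whose function name is exactly one of the four listed strings. A comment above the assignment, for example `// Language constructs cannot be reflected; their only argument is the path, which is redacted later.`, would record why skipping is considered safe, since that later redaction is not visible in this hunk and the exemption silently depends on it. The enclosing `try` block and function start and end outside the hunk.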