Commit 30e76c63 authored by Drew Webber's avatar Drew Webber
Browse files

Issue #2790857 by poker10, dalin, richardcanoe, mcdruid, yogeshmpawar, Rishi... 

Issue #2790857 by poker10, dalin, richardcanoe, mcdruid, yogeshmpawar, Rishi Kulshreshtha: Log completely unusable when an entry has corrupt serialized data
parent 55e20f3f

modules/dblog/dblog.admin.inc

+8 −2
Original line number Diff line number Diff line
@@ -286,13 +286,19 @@ function theme_dblog_message($variables) { 
  $event = $variables['event'];

  // Check for required properties.

  if (isset($event->message) && isset($event->variables)) {

    $event_variables = @unserialize($event->variables);

    // Messages without variables or user specified text.

    if ($event->variables === 'N;') {

    if ($event_variables === NULL) {

      $output = $event->message;

    }

    elseif (!is_array($event_variables)) {

      $output = t('Log data is corrupted and cannot be unserialized: @message', array(

        '@message' => $event->message,

      ));

    }

    // Message to translate with injected variables.

    else {

      $output = t($event->message, unserialize($event->variables));

      $output = t($event->message, $event_variables);

    }

    // If the output is expected to be a link, strip all the tags and

    // special characters by using filter_xss() without any allowed tags.

modules/dblog/dblog.test

+30 −0
Original line number Diff line number Diff line
@@ -58,12 +58,42 @@ class DBLogTestCase extends DrupalWebTestCase { 
    $this->verifyCron($row_limit);

    $this->verifyEvents();

    $this->verifyReports();

    $this->testDBLogCorrupted();



    // Login the regular user.

    $this->drupalLogin($this->any_user);

    $this->verifyReports(403);

  }



  /**

   * Tests corrupted log entries can still display available data.

   */

  private function testDBLogCorrupted() {

    global $base_root;



    // Prepare the fields to be logged

    $log = array(

      'type'        => 'custom',

      'message'     => 'Log entry added to test the unserialize failure.',

      'variables'   => 'BAD SERIALIZED DATA',

      'severity'    => WATCHDOG_NOTICE,

      'link'        => '',

      'user'        => $this->big_user,

      'uid'         => isset($this->big_user->uid) ? $this->big_user->uid : 0,

      'request_uri' => $base_root . request_uri(),

      'referer'     => $_SERVER['HTTP_REFERER'],

      'ip'          => ip_address(),

      'timestamp'   => REQUEST_TIME,

    );

    dblog_watchdog($log);



    // View the database log report page.

    $this->drupalGet('admin/reports/dblog');

    $this->assertResponse(200);

    $output = truncate_utf8(filter_xss(t('Log data is corrupted and cannot be unserialized: Log entry added to test unserialize failure.'), array()), 56, TRUE, TRUE);

    $this->assertText($output, 'Log data is corrupted and cannot be unserialized.');

  }



  /**

   * Verifies setting of the database log row limit.

   *