[5.7] Masking the content of .env on Whoops page #26947

Closed
wants to merge 3 commits into from
Closed
42 changes: 41 additions & 1 deletion src/Illuminate/Foundation/Exceptions/WhoopsHandler.php
Expand Up @@ -2,12 +2,23 @@

namespace Illuminate\Foundation\Exceptions;

use Dotenv\Dotenv;
use Illuminate\Support\Arr;
use Illuminate\Filesystem\Filesystem;
use Whoops\Handler\PrettyPageHandler;

class WhoopsHandler
{
/**
* The superglobals to blacklist env keys in.
*
* @var array
*/
const BLACKLISTED_SUPERGLOBALS = [
'_ENV',
'_SERVER',
];

/**
* Create a new Whoops handler for debug mode.
*
Expand All @@ -19,6 +30,7 @@ public function forDebug()
$handler->handleUnconditionally(true);

$this->registerApplicationPaths($handler)
->registerEnvBlacklist($handler)
->registerBlacklist($handler)
->registerEditor($handler);
});
Expand Down Expand Up @@ -53,7 +65,7 @@ protected function directoriesExceptVendor()
}

/**
* Register the blacklist with the handler.
* Register the app blacklist with the handler.
*
* @param \Whoops\Handler\PrettyPageHandler $handler
* @return $this
Expand All @@ -69,6 +81,34 @@ protected function registerBlacklist($handler)
return $this;
}

/**
* Register the env file blacklist with the handler.
*
* @param \Whoops\Handler\PrettyPageHandler $handler
* @return $this
*/
protected function registerEnvBlacklist($handler)
{
if (! (config('app.debug_env_blacklist'))) {
return $this;
}

$dotenv = new Dotenv(base_path());
$dotenv->safeLoad();

foreach ($dotenv->getEnvironmentVariableNames() as $key) {
if (in_array($key, config('app.debug_whitelist'))) {
continue;
}

foreach (self::BLACKLISTED_SUPERGLOBALS as $superglobal) {
$handler->blacklist($superglobal, $key);
}
}

return $this;
}

/**
* Register the editor with the handler.
*
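Review bot: In `registerEnvBlacklist`, masking is skipped whenever `app.debug_env_blacklist` is unset, so an application whose config file predates this key still renders every `.env` value on the debug page; a control meant to hide secrets should default to on, e.g. `if (config('app.debug_env_blacklist', true) === false) { return $this; }`. In the same method `config('app.debug_whitelist')` reaches `in_array` without a default, so a missing key hands it `null` and the resulting error would surface inside the exception handler itself; `in_array($key, (array) config('app.debug_whitelist', []), true)` avoids that and makes the comparison strict. Key names are read only from the `.env` under `base_path()`, so secrets supplied through the real process environment or a relocated environment file are presumably not masked, and the docblock should state that limit.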