[2006-05-19 23:20 UTC] helly@php.net
Description:
------------
Exception::getTrace() is final. Because of that it's not possible to override it in order to hide the backtrace when it contains sensitive data.

I'm developing a library and I'd like to throw exceptions from a sensitive context without messing with default handlers. I realize that client's code is supposed to catch exceptions or disable reporting, but I can't believe that everyone will RTFM and comply.

This issue also affects PDO. It would be nice if it could hide passwords instead of just having this risk documented.

Reproduce code:
---------------
<?php
class StealthFoolproofException extends Exception {
    // Attempt to suppress the backtrace; rejected because getTrace() is final
    function getTrace() { return NULL; }
}

function test($secretpassword) {
    throw new StealthFoolproofException();
}

test('don\'t reveal that');

Expected result:
----------------
PHP Error: Fatal error: Uncaught exception StealthFoolproofException ... Stack trace: none.

Actual result:
--------------
Cannot override final method Exception::getTrace(). If not overridden, reveals arguments.
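Two ways a library can keep a secret argument out of exception traces without overriding getTrace(), as an added example that is not part of the original report: wrapping the value in an object, and the `#[\SensitiveParameter]` attribute available since PHP 8.2. The names `Secret`, `connectPlain`, `connectWrapped`, `connectAttributed` and `leaksInTrace` are hypothetical, and the password is a constructed sample value.

```php
<?php
// Added example; Secret, connect* and leaksInTrace are hypothetical names.

// Wrapper object: traces print it as Object(Secret), not as its contents.
final class Secret
{
    private $value;
    public function __construct($value) { $this->value = $value; }
    public function reveal() { return $this->value; }
    public function __debugInfo() { return ['value' => '***']; } // masks var_dump()
}

function connectPlain($password) { throw new RuntimeException('connect failed'); }
function connectWrapped(Secret $password) { throw new RuntimeException('connect failed'); }

// PHP 8.2+ swaps the argument for a SensitiveParameterValue object in traces.
// The attribute sits on its own line so PHP 7 parses it as a # comment.
function connectAttributed(
    #[\SensitiveParameter]
    $password
) {
    throw new RuntimeException('connect failed');
}

// True if any frame of the exception's trace holds $needle as a plain string argument.
function leaksInTrace(callable $call, $needle)
{
    try {
        $call();
    } catch (Exception $e) {
        foreach ($e->getTrace() as $frame) {
            $args = isset($frame['args']) ? $frame['args'] : [];
            if (in_array($needle, $args, true)) {
                return true;
            }
        }
    }
    return false;
}

$pw = 'constructed-sample-password'; // constructed value, not a real credential

// With zend.exception_ignore_args=On (PHP 7.4+) frames carry no args at all,
// so every line prints "no".
foreach (['connectPlain', 'connectAttributed'] as $fn) {
    $leaks = leaksInTrace(function () use ($fn, $pw) { $fn($pw); }, $pw);
    echo $fn, ': ', $leaks ? 'leaks' : 'no', "\n";
}
$leaks = leaksInTrace(function () use ($pw) { connectWrapped(new Secret($pw)); }, $pw);
echo 'connectWrapped: ', $leaks ? 'leaks' : 'no', "\n";
```

The result for `connectAttributed` depends on the PHP version: before 8.2 the attribute has no effect and the argument is stored in the trace like any other.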