duanhui1869 2018-05-15 19:01
47 views

Unexpected var_dump of Eloquent ORM connection parameters

I'm in the process of reworking the database layer of a legacy PHP application utilizing Laravel's Eloquent ORM (and related packages).

On occasion, I will forget to call the get method (or other similar method which returns a collection) when working with a model. In the course of debugging, if I call var_dump on the query builder object it dumps a bunch of sensitive information such as database username / password:

// Trying to access the User model, but forgot to call the get method
$test = User::where('name', 'Joe');

// Dumps an Illuminate\Database\Eloquent\Builder object with all its sensitive bits (connection config, credentials)
var_dump($test);

I'm wondering if there is some safeguard that I can put in place to prevent this information from being displayed so that on the off chance that some debugging code like this gets pushed to production I don't end up offering up my db password to users.


1 answer

  • doufan9395 2018-05-16 14:16

    You can use PHPMD with a rule like Development Code Fragment. You will want to run this every time before pushing up to production.

    Functions like var_dump(), print_r() etc. are normally only used during development and therefore such calls in production code are a good indicator that they were just forgotten.

    Example:

    class SuspectCode {
    
        public function doSomething(array $items)
        {
            foreach ($items as $i => $item) {
                // …
    
                if ('qafoo' == $item) var_dump($i);
    
                // …
            }
        }
    }
    

    This rule has the following properties:


    Name                 Default Value                                             Description
    -------------------  --------------------------------------------------------  ------------------------------------------------
    unwanted-functions   var_dump,print_r,debug_zval_dump,debug_print_backtrace    Comma separated list of suspect function images.
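An added example (not part of the original answer or of PHPMD's own documentation): a PHPMD ruleset that enables the rule above and extends its default list with Laravel's dd() and dump() helpers, which leak the same connection details; the file name phpmd.xml and the app/ directory are assumptions.

```xml
<?xml version="1.0"?>
<!-- phpmd.xml: fail the check on any leftover debug-output call (assumed file name) -->
<ruleset name="NoDebugOutput"
         xmlns="http://pmd.sf.net/ruleset/1.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://pmd.sf.net/ruleset/1.0.0 http://pmd.sf.net/ruleset_xml_schema.xsd"
         xsi:noNamespaceSchemaLocation="http://pmd.sf.net/ruleset_xml_schema.xsd">
    <description>
        Flag development-only output functions so a dumped query builder
        (and the database credentials it carries) never reaches production.
    </description>

    <!-- The rule from the answer; the property overrides the default list shown in the table -->
    <rule ref="rulesets/design.xml/DevelopmentCodeFragment">
        <properties>
            <!-- PHPMD defaults plus Laravel's dd()/dump() helpers, which also print the connection config -->
            <property name="unwanted-functions"
                      value="var_dump,print_r,debug_zval_dump,debug_print_backtrace,dd,dump" />
        </properties>
    </rule>
</ruleset>
```

Run it with `vendor/bin/phpmd app text phpmd.xml`; a non-zero exit status means a suspect call was found, so the same command can gate a pre-push hook or a CI job.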
    
