Comments (8)
Thanks for this Adam -- we'll get this rolled in ASAP 👍
from raygun4php.
Hi Adam,
I've been looking into this, and the fix above throws another warning: iconv() expects parameter 3 to be string, object given in '../RaygunClient.php'. This is as expected as iconv()'s choking on the fact that $message is a RaygunMessage object.
What fields are the malformed input appearing in - assuming it's one of the Request data fields? We could sanitize it manually when parsing the request object.. alternatively, would it be possible to ensure that the user data is encoded in UTF-8 (assuming it's coming in from a POST)?
from raygun4php.
Hi Callum,
Right, of course. Sorry about that.
This is really only a concern with the request data (post/get) as you note. So probably what needs to happen is in RaygunRequestMessage#__construct().
Something like:
$this->form = array_map(
function($str) {
return iconv('UTF-8', 'UTF-8//IGNORE', $str);
},
$_POST
);
and later:
$this->rawData = iconv('UTF-8', 'UTF-8//IGNORE', file_get_contents('php://input'));
As you note, it would be possible to do this in the application code before it's handled by Raygun (at least with respect to $_POST), but that would require modifying the superglobal itself, which isn't a good idea.
Hope that helps!
Adam
from raygun4php.
Cheers for that! I've pushed a branch with those changes and after testing it appears to work on my end. When you have a chance can you grab the latest version and verify that it's fixed the error message you were seeing.
Callum
from raygun4php.
Thanks, Callum. So far so good! I'll let you know if I run into trouble.
from raygun4php.
Hey Callum,
Sorry, but I just realized there's a pretty serious bug with the code I gave you above. The array_map for the $_POST data assumes that every element of $_POST is a string. But of course, with PHP you can submit form values like, e.g., name="field[]" which causes $_POST to include a nested array. This will break the above code and cause an additional error to be thrown.
A possible fix (which I haven't had a chance to test):
$utf8_convert = function($value) use (&$utf8_convert) {
return is_array($value) ?
array_map($utf8_convert, $value) :
iconv('UTF-8', 'UTF-8//IGNORE', $value);
};
$this->form = array_map($utf8_convert, $_POST);
from raygun4php.
Ah excellent, thanks for the code. I've tested it locally and it appears to do what is expected - when $_POST contains data from a form with
<input type="text" name="eg[0]" value="1" />
<input type="text" name="eg[1]" value="2" />
no error will be thrown (as opposed to before). The Form Values section in the Raygun dashboard will correctly display eg = "1, 2". I've pushed the change to the request-fix branch, if you could verify that the fix works and doesn't throw any further errors I'll merge it into master.
from raygun4php.
Thanks, Callum. Works for me.
from raygun4php.
Related Issues (20)
- Continue logging errors locally to error_log
- Issues when bundled in a phar archive HOT 4
- Use Guzzle instead of cURL HOT 1
- Add error bundling to help deal with high traffic
- JSON schema HOT 1
- Invalid characters passed for attempted conversion HOT 5
- "Couldn't send asynchronously" error HOT 2
- Deprecated: Invalid characters passed for attempted conversion, these have been ignored HOT 2
- Exclusion of sensitive data HOT 10
- UTF-8 encoding not working
- UTF-8 encoding not working on v1.8 for php 5.3+ HOT 3
- Exclude all form data HOT 2
- Provide a way to filter out IpAddress
- Raygun doesn't actually report the file name and line number of the actual error, which is the most important part. HOT 5
- Incorrect no. params passed to ErrorException HOT 3
- escapeshellarg(): Input string contains NULL bytes HOT 1
- Potential breaking change for rhumsaa/uuid HOT 2
- Illegal string offset in PHP7.1 HOT 1
- iconv(): Detected an illegal character in input string HOT 3
- Errors sent with SendError don't look similar to SendException
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from raygun4php.