author | Côme Chilliet <come.chilliet@nextcloud.com> | 2025-02-17 12:12:02 +0100 |
---|---|---|
committer | Côme Chilliet <come.chilliet@nextcloud.com> | 2025-02-17 15:24:08 +0100 |
commit | 25f38883f168df228940c816d41329918407ad35 (patch) | |
tree | 13b603f497343bfceca60a2e4a2c2167c47fd703 | |
parent | 85fbd3eb0ab1650f9385acd869d5f4ab21006a8a (diff) | |
fix: Work around false-positive psalm taint error calling print_r in admin_audit
Same issue as var_export: print_r is listed as a sink, but it is not one when
using return:true. Anyway, using the logger context feature is better.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
-rw-r--r-- | apps/admin_audit/lib/Actions/Action.php | 7 | ||||
-rw-r--r-- | build/psalm-baseline-security.xml | 5 |
2 files changed, 2 insertions, 10 deletions
diff --git a/apps/admin_audit/lib/Actions/Action.php b/apps/admin_audit/lib/Actions/Action.php
index 2566025a8ce..acd415d82ea 100644
--- a/apps/admin_audit/lib/Actions/Action.php
+++ b/apps/admin_audit/lib/Actions/Action.php
@@ -37,11 +37,8 @@ class Action {
 );
 } else {
 $this->logger->critical(
- sprintf(
- '$params["' . $element . '"] was missing. Transferred value: %s',
- print_r($params, true)
- ),
- ['app' => 'admin_audit']
+ '$params["' . $element . '"] was missing. Transferred value: {params}',
+ ['app' => 'admin_audit', 'params' => $params]
 );
 }
 return;
diff --git a/build/psalm-baseline-security.xml b/build/psalm-baseline-security.xml
index f15718796c2..4df4cd7d687 100644
--- a/build/psalm-baseline-security.xml
+++ b/build/psalm-baseline-security.xml
@@ -1,10 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <files psalm-version="5.26.1@d747f6500b38ac4f7dfc5edbcae6e4b637d7add0">
- <file src="apps/admin_audit/lib/Actions/Action.php">
- <TaintedHtml>
- <code><![CDATA[$params]]></code>
- </TaintedHtml>
- </file>
 <file src="apps/files_external/lib/Config/ConfigAdapter.php">
 <TaintedCallable>
 <code><![CDATA[$objectClass]]></code> |
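Review bot: The `{params}` placeholder in the new `critical()` call in Action.php is filled from `'params' => $params`, which is an array, while the PSR-3 reference interpolation only substitutes scalars and stringable objects. Whether this logger serialises an array context value is not visible in the hunk; if it does not, the audit entry loses the dump that `print_r($params, true)` used to give, so a test asserting the rendered message would be worth adding. `$element` is also still concatenated into the message template, so any braces in it would be read as placeholders; a constant template such as `'$params["{element}"] was missing. Transferred value: {params}'` with `'element' => $element` in the context avoids that. The whole `$params` array continues to be written to the log, so it is worth confirming that the logger's handling of sensitive context values covers this entry. The enclosing method starts and ends outside the hunk.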