Issue #2790857 by poker10, dalin, richardcanoe, mcdruid, yogeshmpawar, Rishi Kulshreshtha: Log completely unusable when an entry has corrupt serialized data

2022-05-27 10:02:06 +01:00 · 2022-05-27 10:02:06 +01:00 · 30e76c63e3
parent 55e20f3f70
commit 30e76c63e3
2 changed files with 38 additions and 2 deletions
--- a/modules/dblog/dblog.admin.inc
+++ b/modules/dblog/dblog.admin.inc
@ -286,13 +286,19 @@ function theme_dblog_message($variables) {
  $event = $variables['event'];
  // Check for required properties.
  if (isset($event->message) && isset($event->variables)) {
+    $event_variables = @unserialize($event->variables);
    // Messages without variables or user specified text.
-    if ($event->variables === 'N;') {
+    if ($event_variables === NULL) {
      $output = $event->message;
    }
+    elseif (!is_array($event_variables)) {
+      $output = t('Log data is corrupted and cannot be unserialized: @message', array(
+        '@message' => $event->message,
+      ));
+    }
    // Message to translate with injected variables.
    else {
-      $output = t($event->message, unserialize($event->variables));
+      $output = t($event->message, $event_variables);
    }
    // If the output is expected to be a link, strip all the tags and
    // special characters by using filter_xss() without any allowed tags.
--- a/modules/dblog/dblog.test
+++ b/modules/dblog/dblog.test
@ -58,12 +58,42 @@ class DBLogTestCase extends DrupalWebTestCase {
    $this->verifyCron($row_limit);
    $this->verifyEvents();
    $this->verifyReports();
+    $this->testDBLogCorrupted();

    // Login the regular user.
    $this->drupalLogin($this->any_user);
    $this->verifyReports(403);
  }

+  /**
+   * Tests corrupted log entries can still display available data.
+   */
+  private function testDBLogCorrupted() {
+    global $base_root;
+
+    // Prepare the fields to be logged
+    $log = array(
+      'type'        => 'custom',
+      'message'     => 'Log entry added to test the unserialize failure.',
+      'variables'   => 'BAD SERIALIZED DATA',
+      'severity'    => WATCHDOG_NOTICE,
+      'link'        => '',
+      'user'        => $this->big_user,
+      'uid'         => isset($this->big_user->uid) ? $this->big_user->uid : 0,
+      'request_uri' => $base_root . request_uri(),
+      'referer'     => $_SERVER['HTTP_REFERER'],
+      'ip'          => ip_address(),
+      'timestamp'   => REQUEST_TIME,
+    );
+    dblog_watchdog($log);
+
+    // View the database log report page.
+    $this->drupalGet('admin/reports/dblog');
+    $this->assertResponse(200);
+    $output = truncate_utf8(filter_xss(t('Log data is corrupted and cannot be unserialized: Log entry added to test unserialize failure.'), array()), 56, TRUE, TRUE);
+    $this->assertText($output, 'Log data is corrupted and cannot be unserialized.');
+  }
+
  /**
   * Verifies setting of the database log row limit.
   *