Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix issue where json_encode quietly fails due to binary data inside telescope entry #1266

Merged
merged 1 commit into from
Nov 3, 2022
Merged

Fix issue where json_encode quietly fails due to binary data inside telescope entry #1266

merged 1 commit into from
Nov 3, 2022

Conversation

Hexide
Copy link
Contributor

@Hexide Hexide commented Nov 3, 2022

I have encountered an issue, where the telescope did not save any requests for me.

Example of issue:
Send a request to the application with telescope enabled: /?my-parameter=4jOH%1a%14)%1a7%d1%60%8cd%40t%94%86m%e6%f8
The expected result: Request to be logged (if so configured) in the telescope.
Actual result: Nothing is saved (as if no request was sent)

Cause:
json_encode in some situations fails to encode binary data, silently fails, and returns false.

Possible abuse:
This can also be abused and requests which are generated for malicious purposes could be hidden from the telescope simply by including a bit of binary data which fails to json_encode.

Solution:
We can tell json_encode to replace invalid utf8 characters to \0xfffd. Which corrupts the original request before saving it database, however, it seems like the lesser of two evils.

@taylorotwell taylorotwell merged commit aa7bd24 into laravel:4.x Nov 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants