___|  _ \   |  |    |   |_ _|\ \     / ____|
 |     |   |  |  |    |   |  |  \ \   /  __|
 |   | |   | ___ __|  ___ |  |   \ \ /   |
\____|\___/     _|   _|  _|___|   \_/   _____| 

 --- A GOPHER-LIKE INTERFACE FOR HIVE BLOCKCHAIN ---

Using PSR-3 placeholders properly

BY: @crell | CREATED: Feb. 26, 2023, 4:25 p.m. | VOTES: 148 | PAYOUT: $2.96 | [ VOTE ]

Moved to https://www.garfieldtech.com/blog/psr-3-properly

TAGS: [ #php ] [ #programming ] [ #phpfig ]

Replies

@stemsocial | Feb. 26, 2023, 5:52 p.m. | Votes: 0 | [ VOTE ]

Thanks for your contribution to the STEMsocial community. Feel free to join us on discord to get to know the rest of us!

Please consider delegating to the @stemsocial account (85% of the curation rewards are returned).

You may also include @stemsocial as a beneficiary of the rewards of this post to get a stronger support.  

@keys-defender | Feb. 27, 2023, 8:07 p.m. | Votes: 1 | [ VOTE ]

     

It looks like this post contains a link that does not use a secure protocol:
http://seldaek.github.io/monolog

HTTP is in use instead of HTTPS and no protocol redirection is in place.

Do not enter sensitive information in this website as your data won't be encrypted.

[More info on this free service].
Read about HTTP unsafety:   https://whynohttps.com   https://web.dev/why-https-matters

{Current avg of HTTP links in Hive post/comments: n/a/h}

Auto-reply throttled 1/20 to reduce spam. If it still bothers you, reply "OFF HTTP".

Service sponsored by @cryptoshots.nft, 🔫 3D Shooter on Hive
_ Vote for our WITNESS to support this FREE service!

@crell | March 1, 2023, 4:43 p.m. | Votes: 0 | [ VOTE ]

As an addendum, thank you to the Symfony docs folks who have already addressed the highlighted issue and updated their Logging documentation accordingly.

@redditposh | March 6, 2023, 3:59 p.m. | Votes: 0 | [ VOTE ]

https://reddit.com/r/PHP/comments/11k2o6i/on_the_use_of_psr3_placeholders/
The rewards earned on this comment will go directly to the people sharing the post on Reddit as long as they are registered with @poshtoken. Sign up at https://hiveposh.com.

@crell | March 6, 2023, 7:36 p.m. | Votes: 0 | [ VOTE ]

And now Laravel has updated their configuration to default new projects to interpolating PSR-3 placeholders, too!

@crell | April 24, 2023, 7:20 p.m. | Votes: 0 | [ VOTE ]

The Laravel docs have now also been updated accordingly!

@stubenhocker | July 24, 2024, 3:55 p.m. | Votes: 0 | [ VOTE ]

Thanks for pointing that out! I was indeed using PSR-3 loggers incorrectly without knowing it. However, I don't understand how placeholders reduce the security risk.

User supplied data should be sanitised anyway, whether used directly in the log message (which I now know is wrong) or in the context array. What am I missing?

Or is it meant to not sanitise user supplied data and persist whatever comes (including malicious stuff) and let the part of the software that displays the logs and interpolates the placeholders take care of the risk?

[ BACK TO TRENDING ] [ BACK TO MENU ]
CMD>