Add realpath error handling, temp cleanup on fatal errors, credentials sanitization #1922
Conversation
imhayatunnabi
commented
Oct 15, 2025
imhayatunnabi
commented
- Missing Error Handling for realpath() Failures
- Temporary Directory Not Cleaned Up on Certain Failures
- Database Connection Error Messages Expose Credentials
- Port Validation Accepts Invalid Ports
|
could you rebase this with |
imhayatunnabi
force-pushed
the
fix/teamp-cleanup-credential-sanitisation
branch
2 times, most recently
from
a0c1462 to
5e29175
Compare
|
Is this ok now ? @freekmurze |
imhayatunnabi
force-pushed
the
fix/teamp-cleanup-credential-sanitisation
branch
from
890a51d to
d262b49
Compare
…ntial sanitization, and robust port validation
imhayatunnabi
force-pushed
the
fix/teamp-cleanup-credential-sanitisation
branch
from
d262b49 to
c8e2cf4
Compare
|
rebase is done. was facing issue with my upstream. now resolved. rebased and updated in the latest commit. @freekmurze |
freekmurze
left a comment
freekmurze
left a comment
There was a problem hiding this comment.
Thank you for this. I think the changes are probably a bit too strict (and the code is a bit too complicated to my eyes).
There is one new exception that you introduced that we could keep, but could you refactor it so it follows the patterns of the other exceptions?
src/Helpers/CredentialSanitizer.php
Outdated
| @@ -0,0 +1,47 @@ | |||
| <?php | |||
|
|
|||
| namespace Spatie\Backup\Helpers; | |||
| ->force() | ||
| ->create() | ||
| ->empty(); | ||
| $cleanupRegistered = false; |
src/Tasks/Backup/BackupJob.php
Outdated
| $this->copyToBackupDestinations($zipFile); | ||
| } catch (Exception $exception) { | ||
| consoleOutput()->error("Backup failed because: {$exception->getMessage()}.".PHP_EOL.$exception->getTraceAsString()); | ||
| $sanitizedError = CredentialSanitizer::sanitizeException($exception); |
There was a problem hiding this comment.
Remove this, it think just throwing the exception is fine.
src/Tasks/Backup/BackupJob.php
Outdated
| try { | ||
| if (! $backupDestination->isReachable()) { | ||
| throw new Exception("Could not connect to disk {$backupDestination->diskName()} because: {$backupDestination->connectionError()}"); | ||
| $sanitizedError = CredentialSanitizer::sanitizeMessage($backupDestination->connectionError()); |
There was a problem hiding this comment.
I'm ok with throwing an exception here. You don't need to sanitize the message.
There was a problem hiding this comment.
Do refactor the exception to how it's done for the other exceptions. See BackupFailed
src/Tasks/Backup/BackupJob.php
Outdated
| $this->sendNotification(new BackupWasSuccessful($backupDestination)); | ||
| } catch (Exception $exception) { | ||
| consoleOutput()->error("Copying zip failed because: {$exception->getMessage()}."); | ||
| $sanitizedError = CredentialSanitizer::sanitizeMessage($exception->getMessage()); |
There was a problem hiding this comment.
Remove this, I think the current exception is good enough
|
|
||
| if (isset($dbConfig['port'])) { | ||
| if (filter_var($dbConfig['port'], FILTER_VALIDATE_INT, [ | ||
| $port = $dbConfig['port']; |
There was a problem hiding this comment.
Remove this. It'll fail elsewhere if the port is not correct.
| $path .= DIRECTORY_SEPARATOR; | ||
| $realPath = realpath($path); | ||
|
|
||
| if ($realPath === false) { |
There was a problem hiding this comment.
I'm fine with excluded paths being non-existent. Remove all changes to this function.
|
@freekmurze any review or update ? |
|
@freekmurze about that .?? |
imhayatunnabi
changed the title
2 participants
