- Issue created by @joelpittet
- Merge request !8832encode message as UTF-8 to filter out bad SQL characters β (Open) created by joelpittet
- Status changed to Needs review
about 2 months ago 12:56am 19 July 2024 - π¨π¦Canada joelpittet Vancouver
Not sure where the tests should go, my guess would be
\Drupal\Tests\dblog\Functional\DbLogTestanybody confirm?I am ok writing the test, though if someone wants to take a crack at it I am happy to leave it to someone else.
- Status changed to Needs work
about 2 months ago 3:28pm 19 July 2024 - πΊπΈUnited States smustgrave
Not sure where the tests should go, my guess would be \Drupal\Tests\dblog\Functional\DbLogTest
That's where I would or
Drupal\Tests\dblog\Kernel\DbLogTestif possible to do kernel - π§πͺBelgium weseze
We are seeing the same type of issue with specifically crafted URL's causing errors when logging the "location" field for a page not found log.
These url's contain the "\x85" byte sequence. (displayed as character "β¦")
Using this byte sequence in the request url, for a non existing URL, causes a log entry to be written in dblog (the page not found message), and trying to write this to database than causes a fatal error to be thrown.This does not cause any direct security risks, just annoying to have all these fatal errors in the log.
Should we also apply "mb_convert_encoding()" to al $context parameters?