Audit required: Presence of debug function found PHP-A1012
Use of
var_dump() to log can be risky if the variable contains sensitive information264 $printJob->state = PrintJob::SUCCESS;
265 return redirect()->back()->with('message', __('general.successful_modification'));
266 } else {
267 Log::warning("cannot cancel print job " . $printJob->job_id ." for unknown reasons: " . var_dump($result));268 return redirect()->back()->with('error', __('general.unknown_error'));
269 }
270 }Use of
var_export() to log can be risky if the variable contains sensitive information57 $this->notifyStaff($fault, /* reopen */ true);
58 }
59
60 return var_export($auth);61 }
62
63 public function notifyStaff(Fault $fault, bool $reopen = false)
Description
Debugging functions such as var_dump, print_r or var_export should not be kept in production code. These functions display information about the variable, which can be helpful during development. However, if they contain any sensitive information, the presence of these functions in production code can expose that. Therefore, it is advised to avoid using it in production.
Bad practice
function getUser() {
$query = buildQuery('users', ['*']);
var_dump($query);
}
Recommended
function getUser() {
$query = buildQuery('users', ['*']);
Log::info(print_r($query, true));
}