From a9d17903cfb228e3558872f2ca7c15e20873257b Mon Sep 17 00:00:00 2001
From: Denis Flaven <denis.flaven@combodo.com>
Date: Wed, 28 Nov 2012 10:53:43 +0000
Subject: [PATCH] Fix for Trac#627: Don't log the parameters in the call stack
 in case of exception to protect sensitive data.

SVN:trunk[2476]
---
 setup/applicationinstaller.class.inc.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/setup/applicationinstaller.class.inc.php b/setup/applicationinstaller.class.inc.php
index d3d81dc00..09094f360 100644
--- a/setup/applicationinstaller.class.inc.php
+++ b/setup/applicationinstaller.class.inc.php
@@ -373,8 +373,15 @@ class ApplicationInstaller
 				'percentage-completed' => 100,
 			);
 			
-			SetupPage::log_error('An exception occurred: '.$e->getMessage());
-			SetupPage::log("Stack trace:\n".$e->getTraceAsString());
+			SetupPage::log_error('An exception occurred: '.$e->getMessage().' at line '.$e->getLine().' in file '.$e->getFile());
+			$idx = 0;
+			// Log the call stack, but log the parameters since they may contain passwords or other sensitive data
+			SetupPage::log("Call stack:");
+			foreach($e->getTrace() as $aTrace)
+			{
+				SetupPage::log("#$idx {$aTrace['file']}({$aTrace['line']}): {$aTrace['function']}(...)");
+				$idx++;
+			}
 		}
 		return $aResult;
 	}