Bug #85773: Flaws in sys_log entry IP anonymization - TYPO3 Core - TYPO3 Forge

Custom queries

12 LTS
Accessibility
Dashboard issues
Easy tasks
Extbase Issues
FAL Issues
FAL Sprint 2023
Hierarchical Issues
Issues reported for v11
JavaScript issues
JavaScript Issues (w/o Epics/Stories)
Most wanted Bugfixes
Most wanted Features
My open issues
New & Unassigned
No feedback within 90 days
Open Bugs
Open issues of 10
Page Tree Regressions after 2020-07-28
Recently modified
Regressions
Stabilization Issues
Usability or UX

Watchers (2)

Felix Nagel
Stefan Neufeind

Actions

Copy link

Bug #85773

closed

Flaws in sys_log entry IP anonymization

Added by Oliver Hader over 5 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

Must have

Assignee:

Markus Klein

Category:

Backend API

Target version:

9.4

Start date:

2018-06-21

Due date:

2018-06-21

% Done:

100%

Estimated time:

TYPO3 Version:

PHP Version:

7.2

Tags:

Complexity:

Is Regression:

Yes

Sprint Focus:

Description

The sys_log entry IP anonymization has several flaws which lead to a revert of the initial change in master:

REMOTE_ADDR is anonymized, REMOTE_HOST not (probably there are more occurrences)
PHP method sprintf() is invoked with too many arguments, username information is out of bounds
introduced in https://review.typo3.org/#/c/57313/

Related issues 1 (0 open — 1 closed)

Follows TYPO3 Core - Bug #85316: Anonymize IP scheduler tasks does not clean up log_data field

Closed

2018-06-20

Actions

Issue # Delay: days Cancel

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Gerrit Code Review over 5 years ago

Status changed from New to Under Review

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57830

Actions

Copy link

Updated by Oliver Hader over 5 years ago

Description updated (diff)

Actions

Copy link

Updated by Gerrit Code Review over 5 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57830

Actions

Copy link

Updated by Gerrit Code Review over 5 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57830

Actions

Copy link

Updated by Gerrit Code Review over 5 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57830

Actions

Copy link

Updated by Oliver Hader over 5 years ago

Status changed from Under Review to New
Priority changed from Should have to Must have
Target version set to 9.4
Is Regression set to Yes

Parts of the flaws have been changed in between with https://review.typo3.org/#/c/57759/
I'm leaving this as is for the time being, since I don't have the time to identify what is fixed and what not - a simple revert is however not possible anymore

Actions

Copy link

Updated by Markus Klein over 5 years ago

Assignee set to Markus Klein

Actions

Copy link

Updated by Markus Klein over 5 years ago

Due date set to 2018-06-21
Start date changed from 2018-08-07 to 2018-06-21
Follows Bug #85316: Anonymize IP scheduler tasks does not clean up log_data field added

Actions

Copy link

Updated by Gerrit Code Review over 5 years ago

Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57832

Actions

Copy link

#10