Skip to content

fix: safely interpolate logger context values#10384

Open
michalsn wants to merge 2 commits into
codeigniter4:developfrom
michalsn:fix/logger-interpolate
Open

fix: safely interpolate logger context values#10384
michalsn wants to merge 2 commits into
codeigniter4:developfrom
michalsn:fix/logger-interpolate

Conversation

@michalsn

@michalsn michalsn commented Jul 7, 2026

Copy link
Copy Markdown
Member

Description
This PR fixes logger message interpolation so arbitrary PSR-3 context values do not raise PHP warnings or errors when used as placeholders.

Context values are now converted to safe strings before being passed to strtr(). Arrays and Entities are rendered with print_r() to match the logger's existing output style, Stringable values such as Time continue to use their string representation, and non-stringable objects/resources fall back to safe descriptive placeholders.

Reported in: https://forum.codeigniter.com/showthread.php?tid=94242

Ref: https://www.php-fig.org/psr/psr-3/

Checklist:

  • Securely signed commits
  • Component(s) with PHPDoc blocks, only if necessary or adds value (without duplication)
  • Unit testing, with >80% coverage
  • User guide updated
  • Conforms to style guide

@michalsn michalsn added the bug Verified issues on the current code behavior or pull requests that will fix them label Jul 7, 2026
Comment thread system/Log/Logger.php Outdated
Co-authored-by: John Paul E Balandan <paulbalandan@gmail.com>
@michalsn michalsn requested a review from paulbalandan July 7, 2026 14:32
@hiSandog

hiSandog commented Jul 8, 2026

Copy link
Copy Markdown

The safe interpolation behavior should be tested with the full PSR-3 variety: arrays, scalar values, Stringable objects, plain objects, resources, and null. That matters because the logger should never emit PHP warnings while handling context, but it also should not change the existing readable output style for arrays/entities.

@michalsn

michalsn commented Jul 8, 2026

Copy link
Copy Markdown
Member Author

I believe we already covered a fair number of cases, and the previous behavior when it comes to the strings has not changed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Verified issues on the current code behavior or pull requests that will fix them

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants