CiviCRM Log File: Dates and Security
Overview
The (text) log file generated by CiviCRM has three issues:
- The risk of XSS (as described here: https://github.com/adixon/ca.civicrm.logviewer/issues/11)
- The formatting of date/times that are dependent on locale (as noted here: https://github.com/adixon/ca.civicrm.logviewer/pull/10)
- The timezone of the date/time, which is dependent on the source of the error but not specified in the output (i.e. the date/time is of unknown and indeterminate timezone).
Expected behaviour
- I would expect the date/time of the error to be consistent and machine parseable and the timezone explicit.
- I would expect the URLs in the file to be XSS safe.
Comments
As per @bgm the log file date/times may be coming from a PEAR package.
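One way to meet both expectations, shown as an added example that is not CiviCRM, PEAR Log or log viewer code: write timestamps as ISO 8601 with an explicit offset, and HTML-escape each line when a viewer renders it. The function names and the sample log entry are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not CiviCRM, PEAR Log or log viewer code.

/** Build a log line whose timestamp is ISO 8601 with an explicit UTC offset. */
function format_log_line(string $level, string $message, DateTimeImmutable $when): string
{
    // DATE_ATOM is all-numeric (Y-m-d\TH:i:sP), so the output does not
    // change with the locale and the offset is always present.
    return sprintf('%s [%s] %s', $when->format(DATE_ATOM), $level, $message);
}

/** Parse a line written by format_log_line(); returns null if it does not match. */
function parse_log_line(string $line): ?array
{
    if (!preg_match('/^(\S+) \[(\w+)\] (.*)$/s', $line, $m)) {
        return null;
    }
    $time = DateTimeImmutable::createFromFormat(DATE_ATOM, $m[1]);
    if ($time === false) {
        return null;
    }
    return ['time' => $time, 'level' => $m[2], 'message' => $m[3]];
}

/** Render a raw log line for an HTML viewer: escape at output time. */
function render_log_line_html(string $line): string
{
    // The log holds untrusted request data (URLs, parameters), so every
    // character with meaning in HTML is encoded before it reaches the page.
    return '<pre>' . htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';
}

// Constructed sample entry: a request URL carrying markup, logged on a
// server whose local zone is not UTC.
$when = new DateTimeImmutable('2024-03-05 14:07:09', new DateTimeZone('America/Toronto'));
$line = format_log_line('error', 'Not found: https://example.org/civicrm/x?q=<script>alert(1)</script>', $when);

echo $line, PHP_EOL;                       // stored as plain text, unmodified
echo render_log_line_html($line), PHP_EOL; // escaped for the HTML viewer

// The explicit offset lets any reader normalise the time, here to UTC.
$entry = parse_log_line($line);
echo $entry['time']->setTimezone(new DateTimeZone('UTC'))->format(DATE_ATOM), PHP_EOL;
```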