upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-09 00:32:29 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 13

Merge pull request #40013 from nextcloud/fix/remove-pw-from-logging

Browse source 
Do not log passwords in debug mode
This commit is contained in:
Joas Schilling 2023-08-24 11:42:51 +02:00 committed by GitHub
commit dce0db8d69
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
apps/user_ldap/lib/LDAP.php
View file

@ -33,6 +33,7 @@
*/
namespace OCA\User_LDAP;
use OCP\IConfig;
use OCP\Profiler\IProfiler;
use OC\ServerNotAvailableException;
use OCA\User_LDAP\DataCollector\LdapDataCollector;
@ -317,6 +318,14 @@ class LDAP implements ILDAPWrapper {
private function preFunctionCall(string $functionName, array $args): void {
$this->curArgs = $args;
if(strcasecmp($functionName, 'ldap_bind') === 0) {
// The arguments are not key value pairs
// \OCA\User_LDAP\LDAP::bind passes 3 arguments, the 3rd being the pw
// Remove it via direct array access for now, although a better solution could be found mebbe?
// @link https://github.com/nextcloud/server/issues/38461
$args[2] = IConfig::SENSITIVE_VALUE;
}
$this->logger->debug('Calling LDAP function {func} with parameters {args}', [
'app' => 'user_ldap',
'func' => $functionName,