Page MenuHomePhabricator
Files F3289657

T125177.patch
Tgr (Gergő Tisza)
Actions

Authored By
Tgr
Jan 29 2016, 2:04 AM
Size
823 B
Referenced Files
None
Subscribers
None

T125177.patch
View Options

From 91757fff4b8c5931f002eca5ae400a1334f63713 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gerg=C5=91=20Tisza?= <gtisza@wikimedia.org>
Date: Fri, 29 Jan 2016 02:01:18 +0000
Subject: [PATCH] SECURITY: Redact passwords in API log
Bug: T125177
Change-Id: Id527e1e874c8246e047efd5da1ce93d5231b60c1
---
includes/api/ApiMain.php | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 6ddc28a..873e1a5 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -1331,6 +1331,10 @@ class ApiMain extends ApiBase {
continue;
}
+ if ( $name === 'lgpassword' ) {
+ $value = 'REDACTED';
+ }
+
if ( strlen( $value ) > 256 ) {
$value = substr( $value, 0, 256 );
$encValue = $this->encodeRequestLogValue( $value ) . '[...]';
--
1.9.1

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3297046
Default Alt Text
T125177.patch (823 B)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits