From 64791c69da32f7194e0cd673bb0cc70a74d33013 Mon Sep 17 00:00:00 2001
From: Urban Müller
Date: Mon, 21 Aug 2017 17:10:23 +0200
Subject: hide passwords in urls as well

---
 it.class | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/it.class b/it.class
index 50d171c..47ce722 100644
--- a/it.class
+++ b/it.class
@@ -259,7 +259,7 @@ static function error($p = array())
 				$body .= $_FILES      ? "\$_FILES:  " . var_export($_FILES, true) . "\n\n" : "";
 				$body .= "Processes:\n" . it::exec('ps auxf | egrep -v "rotatelogs|getbanner|logaction|httpd|systemd|sd-pam"|egrep "^www|^cron"') . "\n";
 				$body .= $stackframes ? "Stack: "     . print_r($stackframes, true) . "\n\n" : "";
-				$body  = it::replace(array('(pw|passw|password|secret)\] => .*' => '$1] => ********'), $body, array('utf8' => false));
+				$body  = it::replace(array('(pw|passw|password|secret)(\] => |=)[^&\s]*' => '$1$2********'), $body, array('utf8' => false));
 			}
 
 			it::mail(array('To' => $p['to'], 'Subject' => substr($p['title'], 0, 160), 'Body' => $body, 'Cc' => $GLOBALS['it_defaultconfig']['error_cc'], 'forcemail' => !it::is_devel()));
-- 
cgit v1.2.3