diff options
| author | Urban Müller | 2024-04-25 18:54:37 +0200 |
|---|---|---|
| committer | Urban Müller | 2024-04-25 18:54:37 +0200 |
| commit | c2136d616576a2ff9f36f477870ba32317ac666a (patch) | |
| tree | cab6679d4c194f296eea5e670dbe1f670987ec35 | |
| parent | 07bd4d876ac027853e5dc4f0fca0481c35cc4932 (diff) | |
| download | itools-c2136d616576a2ff9f36f477870ba32317ac666a.tar.gz itools-c2136d616576a2ff9f36f477870ba32317ac666a.tar.bz2 itools-c2136d616576a2ff9f36f477870ba32317ac666a.zip | |
apply password hiding in both json and var_dump format
| -rw-r--r-- | it.class | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -287,7 +287,7 @@ static function error($p = array(), $extra = null) if ($sendmail || EDC('verboseerrors')) # we're mailing: send maximum info { - $p['title'] = it::replace(['alert:|server:|^: "' => "", '"(pw|passw|password\d*|secret)": *"[^"]*"' => '"$1": "*******"'], "$service: " . $p['title']) . " (via " . getenv('HOSTNAME') . ")"; + $p['title'] = it::replace(['alert:|server:|^: "' => "", '(pw|passw|password\d*|secret)(=)[^&\s]*' => '$1$2*****'], "$service: " . $p['title']) . " (via " . getenv('HOSTNAME') . ")"; if (!$p['omitdebuginfo']) { @@ -307,7 +307,9 @@ static function error($p = array(), $extra = null) $body .= $_FILES ? "\$_FILES: " . it::json_encode($_FILES, ['pretty' => true]) . "\n" : ""; $body .= "Processes:\n" . it::exec('ps auxf | egrep -v "rotatelogs|getbanner|logaction|httpd|systemd|sd-pam"|egrep "^www|^cron"') . "\n"; $body .= $longstack ? "Full stack: " . "$longstack\n" : ""; - $body = it::replace(['"(pw|passw|password\d*|secret)": *"[^"]*"' => '"$1": "*******"'], $body, array('utf8' => false)); + + $body = it::replace(['(pw|passw|password\d*|secret)(\' => |\] => |=)[^&\s]*' => '$1$2********'], $body, ['utf8' => false]); + $body = it::replace(['"(pw|passw|password\d*|secret)": *"[^"]*"' => '"$1": "*******"'], $body, ['utf8' => false]); } $type = ($p['fatal'] ? (it::is_live() ? "FATAL: " : "Fatal: ") : "Error: "); |