authorAndreas Gohr <andi@splitbrain.org>2008-07-15 23:16:16 +0200
committerAndreas Gohr <andi@splitbrain.org>2008-07-15 23:16:16 +0200
commit24297a695f52a061e471dbeacae874acda5a0e68 (patch)
treea0e67f4e30b790259ed39b821f4a6b4cd3cc5154
parent2aca132fb57287777cab810c62678c1f1f46bd64 (diff)
remove sensitive data from debug output more aggressively
This patch adds a new function that is used to remove sensitive data from the debug output in a broader way. It will remove some innocent data, but should make sure that most passwords and similar data cannot be accessed even when stored in some plugin's configuration data. Disabling the debug option is still highly recommended.
darcs-hash:20080715211616-7ad00-19334e56d3910bcaa04147c4c59e0c59571764f3.gz
-rw-r--r--inc/html.php8
-rw-r--r--inc/infoutils.php17
2 files changed, 20 insertions, 5 deletions
diff --git a/inc/html.php b/inc/html.php
index ba4e54d8c..59a3de344 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -1138,13 +1138,11 @@ function html_debug(){
//remove sensitive data
$cnf = $conf;
- $cnf['auth']='***';
- $cnf['notify']='***';
- $cnf['ftp']='***';
+ debug_guard($cnf);
$nfo = $INFO;
- $nfo['userinfo'] = '***';
+ debug_guard($nfo);
$ses = $_SESSION;
- $ses[$conf['title']]['auth'] = '***';
+ debug_guard($ses);
print '<html><body>';
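Review bot: The comment `//remove sensitive data` above the three `debug_guard()` calls now promises more than the code delivers. Masking is decided purely by key name, so a secret stored under a key the pattern does not match, or embedded in a string value such as a URL with credentials, is still printed from `$cnf`, `$nfo` or `$ses`. I would reword the comment to `//mask values whose key name looks sensitive (best effort, see debug_guard)` so nobody treats the dump as safe to publish. The same key-name-only limitation applies to the `debug_guard()` definition in inc/infoutils.php. The rest of `html_debug()` lies outside this hunk, so whether anything else it prints is passed through the guard cannot be checked here.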
diff --git a/inc/infoutils.php b/inc/infoutils.php
index 1fc55702e..18de75c28 100644
--- a/inc/infoutils.php
+++ b/inc/infoutils.php
@@ -316,3 +316,20 @@ function dbg_backtrace(){
return implode("\n", $calls);
}
+/**
+ * Remove all data from an array where the key seems to point to sensitive data
+ *
+ * This is used to remove passwords, mail addresses and similar data from the
+ * debug output
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
+ */
+function debug_guard(&$data){
+ foreach($data as $key => $value){
+ if(preg_match('/(notify|pass|auth|secret|ftp|userinfo|token|buid|mail|proxy)/i',$key)){
+ $data[$key] = '***';
+ continue;
+ }
+ if(is_array($value)) debug_guard($data[$key]);
+ }
+}
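Review bot: `debug_guard()` only recurses when `is_array($value)` is true, so an object stored in the session or in plugin configuration is left untouched and its properties would appear unmasked in the dump. A cheap fix is to mask such values wholesale by adding `elseif(is_object($value)) $data[$key] = '***';` after the array branch. The function also assumes `$data` is an array; a guard such as `if(!is_array($data)) return;` at the top avoids a `foreach` warning if a caller passes something else. The docblock should gain a `@param array $data` line stating that the array is modified in place.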