From 24297a695f52a061e471dbeacae874acda5a0e68 Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Tue, 15 Jul 2008 23:16:16 +0200
Subject: remove sensitive data from debug output more aggressively

This patch adds a new function that is used to remove sensitive data from the debug output in a broader way. It will remove some innocent data but should make sure most passwords and similar data can not be accessed even when stored in some plugin's configuration data. Disabling the debug option is still highly recommended.
darcs-hash:20080715211616-7ad00-19334e56d3910bcaa04147c4c59e0c59571764f3.gz
---
 inc/html.php | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
(limited to 'inc/html.php')
diff --git a/inc/html.php b/inc/html.php
index ba4e54d8c..59a3de344 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -1138,13 +1138,11 @@ function html_debug(){
 //remove sensitive data
 $cnf = $conf;
- $cnf['auth']='***';
- $cnf['notify']='***';
- $cnf['ftp']='***';
+ debug_guard($cnf);
 $nfo = $INFO;
- $nfo['userinfo'] = '***';
+ debug_guard($nfo);
 $ses = $_SESSION;
- $ses[$conf['title']]['auth'] = '***';
+ debug_guard($ses);
 print '';
-- 
cgit v1.2.3
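Review bot: The three `debug_guard()` calls replace five unconditional masks (`$cnf['auth']`, `$cnf['notify']`, `$cnf['ftp']`, `$nfo['userinfo']`, `$ses[$conf['title']]['auth']`), and nothing in this hunk shows that the helper still covers each of them, because its definition is outside this file's diff. Since the return value is discarded, the helper presumably rewrites its argument by reference and selects values by key name, so the call site deserves a comment such as `// debug_guard() masks values in place by key name; auth, notify, ftp and userinfo must stay covered`. A regression test that feeds those keys through `debug_guard()` and checks for `'***'` would keep the old guarantees from silently lapsing when the pattern is edited. If `html_debug()` prints further arrays after this point (its body continues past the hunk), they should pass through the same guard before output.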