diff options
| author | Greg Roach <greg@subaqua.co.uk> | 2020-05-14 15:17:03 +0100 |
|---|---|---|
| committer | Greg Roach <greg@subaqua.co.uk> | 2020-05-14 15:17:03 +0100 |
| commit | 743d1d6315ac635e54507834e798b8f85d4219cb (patch) | |
| tree | 7ba283bdbfa27e71264a751fda8a0398ea71396c /app/Site.php | |
| parent | 9574834f892634dcd1a965fc9aa1e04b033cc2bc (diff) | |
| download | webtrees-743d1d6315ac635e54507834e798b8f85d4219cb.tar.gz webtrees-743d1d6315ac635e54507834e798b8f85d4219cb.tar.bz2 webtrees-743d1d6315ac635e54507834e798b8f85d4219cb.zip | |
Fix: #3242 - do not store sensitive data in the audit log
Diffstat (limited to 'app/Site.php')
| -rw-r--r-- | app/Site.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/app/Site.php b/app/Site.php index 9b814e37a7..cbbb962fa7 100644 --- a/app/Site.php +++ b/app/Site.php @@ -21,6 +21,7 @@ namespace Fisharebest\Webtrees; use Illuminate\Database\Capsule\Manager as DB; +use function in_array; use function mb_substr; /** @@ -28,6 +29,11 @@ use function mb_substr; */ class Site { + // The following preferences contain sensitive data, and should not be logged. + private const SENSITIVE_PREFERENCES = [ + 'SMTP_AUTH_PASS' + ]; + /** * Everything from the wt_site_setting table. * @@ -78,6 +84,10 @@ class Site self::$preferences[$setting_name] = $setting_value; + if (in_array($setting_name, self::SENSITIVE_PREFERENCES, true)) { + $setting_value = '********'; + } + Log::addConfigurationLog('Site preference "' . $setting_name . '" set to "' . $setting_value . '"', null); } } |
