authorThomas Bruederli <bruederli@kolabsys.com>2014-05-12 07:13:22 (GMT)
committerThomas Bruederli <bruederli@kolabsys.com>2014-05-12 07:23:10 (GMT)
commitd8eaca9ad9e3f2886b25e6af71f2720b3b184bc8 (patch)
treefc8d066451099e290ad5f438fd68b5fc6f268c31
parente916334ac8fb840a1156fb7836349e95a6cc80fc (diff)
downloadiRony-d8eaca9ad9e3f2886b25e6af71f2720b3b184bc8.tar.gz
Don't log real HTTP Auth header values
-rw-r--r--lib/Kolab/Utils/DAVLogger.php4
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/Kolab/Utils/DAVLogger.php b/lib/Kolab/Utils/DAVLogger.php
index 311fc8a..3325544 100644
--- a/lib/Kolab/Utils/DAVLogger.php
+++ b/lib/Kolab/Utils/DAVLogger.php
@@ -101,6 +101,10 @@ class DAVLogger extends DAV\ServerPlugin
// catch all headers
$http_headers = array();
foreach (apache_request_headers() as $hdr => $value) {
+ if (strtolower($hdr) == 'authorization') {
+ $method = preg_match('/^((basic|digest)\s+)/i', $value, $m) ? $m[1] : '';
+ $value = $method . str_repeat('*', strlen($value) - strlen($method));
+ }
$http_headers[$hdr] = "$hdr: $value";
}
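Review bot: The mask built on the `str_repeat` line keeps the exact byte length of the credential, so the log still discloses how long the Basic token (and so roughly the user:password pair) is; a fixed-width placeholder such as `$value = $method . '***';` avoids that. The check also matches only `Authorization`, while `Proxy-Authorization` carries credentials in the same format and would still be written in clear; consider `if (in_array(strtolower($hdr), array('authorization', 'proxy-authorization'), true)) {`, adding `cookie` if this deployment ever relies on session cookies. The enclosing method starts and ends outside the hunk, so whether request bodies or response headers are redacted elsewhere cannot be judged from these lines.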