authorThomas Bruederli <bruederli@kolabsys.com>2014-05-12 07:13:22 (GMT)
committerThomas Bruederli <bruederli@kolabsys.com>2014-05-12 07:13:22 (GMT)
commit70d7b18252ce32abba7280fe94cf8f5b04cfa575 (patch)
treead631ab42f540c0a1539fa60233e37ca6c1a4f28
parent4561e85e147f3d7470b1afca43913de382327a44 (diff)
downloadiRony-70d7b18252ce32abba7280fe94cf8f5b04cfa575.tar.gz
Don't log real HTTP Auth header values
-rw-r--r--lib/Kolab/Utils/DAVLogger.php4
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/Kolab/Utils/DAVLogger.php b/lib/Kolab/Utils/DAVLogger.php
index deb57ad..c1c3067 100644
--- a/lib/Kolab/Utils/DAVLogger.php
+++ b/lib/Kolab/Utils/DAVLogger.php
@@ -101,6 +101,10 @@ class DAVLogger extends DAV\ServerPlugin
// catch all headers
$http_headers = array();
foreach (apache_request_headers() as $hdr => $value) {
+ if (strtolower($hdr) == 'authorization') {
+ $method = preg_match('/^((basic|digest)\s+)/i', $value, $m) ? $m[1] : '';
+ $value = $method . str_repeat('*', strlen($value) - strlen($method));
+ }
$http_headers[$hdr] = "$hdr: $value";
}
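Review bot: The mask added inside the `foreach` over `apache_request_headers()` is built with `str_repeat('*', strlen($value) - strlen($method))`, so the log still records the exact length of the credential blob, which for Basic auth discloses the combined username/password length. A fixed placeholder such as `$value = $method . '[redacted]';` avoids that. The check also matches only `authorization`, so `Proxy-Authorization` and `Cookie` values (which may carry credentials or session identifiers, depending on the deployment) are still written verbatim; consider `if (in_array(strtolower($hdr), array('authorization', 'proxy-authorization', 'cookie'), true)) {`. The enclosing method starts and continues outside this hunk, so whether request bodies or response headers are logged elsewhere cannot be judged from here.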