Don't log real HTTP Auth header values

author: Thomas Bruederli <bruederli@kolabsys.com> 2014-05-12 07:13:22 (GMT)
committer: Thomas Bruederli <bruederli@kolabsys.com> 2014-05-12 07:23:10 (GMT)
commit: d8eaca9ad9e3f2886b25e6af71f2720b3b184bc8 (patch)
tree: fc8d066451099e290ad5f438fd68b5fc6f268c31 /lib/Kolab/Utils/DAVLogger.php
parent: e916334ac8fb840a1156fb7836349e95a6cc80fc (diff)
download: iRony-d8eaca9ad9e3f2886b25e6af71f2720b3b184bc8.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/Kolab/Utils/DAVLogger.php b/lib/Kolab/Utils/DAVLogger.php
index 311fc8a..3325544 100644
--- a/lib/Kolab/Utils/DAVLogger.php
+++ b/lib/Kolab/Utils/DAVLogger.php
@@ -101,6 +101,10 @@ class DAVLogger extends DAV\ServerPlugin
             // catch all headers
             $http_headers = array();
             foreach (apache_request_headers() as $hdr => $value) {
+                if (strtolower($hdr) == 'authorization') {
+                    $method = preg_match('/^((basic|digest)\s+)/i', $value, $m) ? $m[1] : '';
+                    $value = $method . str_repeat('*', strlen($value) - strlen($method));
+                }
                 $http_headers[$hdr] = "$hdr: $value";
             }
author	Thomas Bruederli <bruederli@kolabsys.com>	2014-05-12 07:13:22 (GMT)
committer	Thomas Bruederli <bruederli@kolabsys.com>	2014-05-12 07:23:10 (GMT)
commit	d8eaca9ad9e3f2886b25e6af71f2720b3b184bc8 (patch)
tree	fc8d066451099e290ad5f438fd68b5fc6f268c31 /lib/Kolab/Utils/DAVLogger.php
parent	e916334ac8fb840a1156fb7836349e95a6cc80fc (diff)
download	iRony-d8eaca9ad9e3f2886b25e6af71f2720b3b184bc8.tar.gz