Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix Add '_pw' var as var sensibles.

Browse Source
This commit is contained in:
Laurent Destailleur
2020-05-06 04:03:07 +02:00
parent 8512fba7db
commit 30fede216c
3 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/api/class/api_setup.class.php
View File

@@ -1429,7 +1429,7 @@ class Setup extends DolibarrApi
if (!preg_match('/^[a-zA-Z0-9_]+$/', $constantname) || !isset($conf->global->$constantname)) { if (!preg_match('/^[a-zA-Z0-9_]+$/', $constantname) || !isset($conf->global->$constantname)) {
throw new RestException(500, 'Error Bad or unknown value for constantname'); throw new RestException(500, 'Error Bad or unknown value for constantname');
} }
if (preg_match('/(_pass|password|secret|_key|key$)/i', $constantname)) { if (preg_match('/(_pass|_pw|password|secret|_key|key$)/i', $constantname)) {
throw new RestException(403, 'Forbidden'); throw new RestException(403, 'Forbidden');
} }

2
htdocs/core/class/commondocgenerator.class.php
View File

@@ -325,7 +325,7 @@ abstract class CommonDocGenerator
foreach ($conf->global as $key => $val) foreach ($conf->global as $key => $val)
{ {
if (preg_match('/(_pass|password|secret|_key|key$)/i', $key)) $newval = '*****forbidden*****'; if (preg_match('/(_pass|_pw|password|secret|_key|key$)/i', $key)) $newval = '*****forbidden*****';
else $newval = $val; else $newval = $val;
$array_other['__['.$key.']__'] = $newval; $array_other['__['.$key.']__'] = $newval;
} }

2
htdocs/core/lib/functions.lib.php
View File

@@ -6523,7 +6523,7 @@ function make_substitutions($text, $substitutionarray, $outputlangs = null)
if (dol_textishtml($text, 1)) $msgishtml = 1; if (dol_textishtml($text, 1)) $msgishtml = 1;
$keyfound = $reg[1]; $keyfound = $reg[1];
if (preg_match('/(_pass|password|secret|_key|key$)/i', $keyfound)) $newval = '*****forbidden*****'; if (preg_match('/(_pass|_pw|password|secret|_key|key$)/i', $keyfound)) $newval = '*****forbidden*****';
else $newval = empty($conf->global->$keyfound) ? '' : $conf->global->$keyfound; else $newval = empty($conf->global->$keyfound) ? '' : $conf->global->$keyfound;
$text = preg_replace('/__\['.preg_quote($keyfound, '/').'\]__/', $msgishtml ?dol_htmlentitiesbr($newval) : $newval, $text); $text = preg_replace('/__\['.preg_quote($keyfound, '/').'\]__/', $msgishtml ?dol_htmlentitiesbr($newval) : $newval, $text);
} }