From f29d579969a990b85beff5d4ac0d8147b7c4f753 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <machniak@kolabsys.com>
Date: Fri, 28 Jun 2019 11:03:35 +0200
Subject: [PATCH] Do not log userpassword attribute in warning messages

They are still allowed in debug messages.
---
 lib/Net/LDAP3.php | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/lib/Net/LDAP3.php b/lib/Net/LDAP3.php
index 2662e91..ef47daa 100644
--- a/lib/Net/LDAP3.php
+++ b/lib/Net/LDAP3.php
@@ -2402,7 +2402,7 @@ class Net_LDAP3
 }
 else {
 $this->_debug("S: " . ldap_error($this->conn));
- $this->_warning("LDAP: Failed to replace attributes on $subject_dn: " . json_encode($attributes['replace']));
+ $this->_warning("LDAP: Failed to replace attributes on $subject_dn: " . $this->_encode_attrs($attributes['replace']));
 return false;
 }
 }
@@ -2417,7 +2417,7 @@ class Net_LDAP3
 }
 else {
 $this->_debug("S: " . ldap_error($this->conn));
- $this->_warning("LDAP: Failed to delete attributes on $subject_dn: " . json_encode($attributes['del']));
+ $this->_warning("LDAP: Failed to delete attributes on $subject_dn: " . $this->_encode_attrs($attributes['del']));
 return false;
 }
 }
@@ -2432,7 +2432,7 @@ class Net_LDAP3
 }
 else {
 $this->_debug("S: " . ldap_error($this->conn));
- $this->_warning("LDAP: Failed to add attributes on $subject_dn: " . json_encode($attributes['add']));
+ $this->_warning("LDAP: Failed to add attributes on $subject_dn: " . $this->_encode_attrs($attributes['add']));
 return false;
 }
 }
@@ -2615,6 +2615,19 @@ class Net_LDAP3
 }
 }

+ /**
+ * Convert attributes array into a string for logging
+ * Remove plain text passwords
+ */
+ private function _encode_attrs($attributes)
+ {
+ if (isset($attributes['userpassword'])) {
+ $attributes['userpassword'] = '*';
+ }
+
+ return json_encode($attributes);
+ }
+
 /**
 * Quotes attribute value string
 *
-- 
GitLab
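Review bot: `_encode_attrs()` redacts the password only when the array key is exactly the lowercase string `userpassword`, so an attribute supplied as `userPassword` (LDAP attribute names are case-insensitive) would still reach the warning log in clear text through the three `_warning()` call sites changed in the earlier hunks. Whether callers always lowercase the keys before this point is not visible in the hunks, so a case-insensitive comparison is the safer check. Other credential-bearing attributes are not covered by the helper either, and since the commit message states that values remain in debug output, debug logs should be handled as secret-bearing. The key comparison could be rewritten as below.

```php
// … unchanged: docblock …
private function _encode_attrs($attributes)
{
    if (is_array($attributes)) {
        foreach (array_keys($attributes) as $name) {
            // LDAP attribute names are case-insensitive
            if (strcasecmp((string) $name, 'userpassword') === 0) {
                $attributes[$name] = '*';
            }
        }
    }

    return json_encode($attributes);
}
```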