From: <bla...@us...> - 2014-11-29 01:27:35
|
Revision: 22833 http://sourceforge.net/p/bzflag/code/22833 Author: blast007 Date: 2014-11-29 01:27:28 +0000 (Sat, 29 Nov 2014) Log Message: ----------- Never dump password information (hashed or otherwise) to the log. Modified Paths: -------------- trunk/web/bzfls/bzfls.php Modified: trunk/web/bzfls/bzfls.php =================================================================== --- trunk/web/bzfls/bzfls.php 2014-11-29 01:25:47 UTC (rev 22832) +++ trunk/web/bzfls/bzfls.php 2014-11-29 01:27:28 UTC (rev 22833) @@ -12,9 +12,6 @@ // IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED // WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - -define ('MD5_PASSWORD', true); - define('IN_PHPBB', true); $phpbb_root_path = '../../forums.bzflag.org/htdocs/'; $phpEx = 'php'; @@ -105,8 +102,8 @@ foreach ($a as $key => $val){ if (!strlen($msg)) $msg .= ', '; - if (MD5_PASSWORD && strncasecmp ($key, "PASS", 4)==0) - $val = md5($val); + if (strncasecmp ($key, "PASS", 4)==0) + $val = "**PASSWORD FILTERED**"; $msg .= "$key=$val"; } return str_replace (array ("\r", "\n"), array ('<\r>', '<\n>'), $msg); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |