svn commit: r1791346 - /ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java


jleroux@apache.org
Author: jleroux
Date: Fri Apr 14 11:04:04 2017
New Revision: 1791346

URL: http://svn.apache.org/viewvc?rev=1791346&view=rev
Log:
Fixed: On setting verbose true, UtilHttp.getParameterMap() method prints
username and password in logs
(OFBIZ-9310)

In UtilHttp.getParameterMap(HttpServletRequest request, Set<? extends String>...
method, following line of code prints username and password in logs when verbose
is set to true.

Debug.logVerbose("Request Parameter Map Entries: " +
System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module);

Aditya suggested:
Removed the line that prints "Request Parameter Map Entries" as it may print
username and password entered by user when verbose set to true.
It may not be a grave concern for staging environment as verbose are not logged
there but it is still unethical to print such details.

jleroux: I decided to rather comment out the line which might still be useful
in some cases...

Thanks: Aditya Sharma

Modified:
    ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java

Modified: ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java?rev=1791346&r1=1791345&r2=1791346&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java Fri Apr 14 11:04:04 2017
@@ -158,7 +158,7 @@ public final class UtilHttp {
 
         if (Debug.verboseOn()) {
             Debug.logVerbose("Made Request Parameter Map with [" + paramMap.size() + "] Entries", module);
-            Debug.logVerbose("Request Parameter Map Entries: " + System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module);
+            //Debug.logVerbose("Request Parameter Map Entries: " + System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module); see OFBIZ-9310
         }
 
         return canonicalizeParameterMap(paramMap);
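
Review bot: the commented-out `Debug.logVerbose("Request Parameter Map Entries: " ...` line inside the `if (Debug.verboseOn())` block is left as dead code, and anyone who uncomments it to debug brings back logging of every value in `paramMap`, including the username and password the commit log describes. Consider deleting the line outright, or replacing it with a call that logs only the parameter names or masks the values of sensitive keys before they reach `UtilMisc.printMap(paramMap)`, so verbose output stays useful without the credentials. If the line is kept, the trailing `see OFBIZ-9310` would read better as a comment above it stating why it is disabled.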