svn commit: r1791347 - in /ofbiz/branches/release16.11: ./ framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java

Author: jleroux
Date: Fri Apr 14 11:04:57 2017
New Revision: 1791347

URL: http://svn.apache.org/viewvc?rev=1791347&view=rev
Log:
"Applied fix from trunk framework for revision: 1791346"
------------------------------------------------------------------------
r1791346 | jleroux | 2017-04-14 13:04:04 +0200 (ven. 14 avr. 2017) | 21 lignes

Fixed: On setting verbose true, UtilHttp.getParameterMap() method prints
username and password in logs
(OFBIZ-9310)

In UtilHttp.getParameterMap(HttpServletRequest request, Set<? extends String>...
method, following line of code prints username and password in logs when verbose
 is set to true.

Debug.logVerbose("Request Parameter Map Entries: " +
System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module);

Aditya suggested:
Removed the line that prints "Request Parameter Map Entries" as it may print
username and password entered by user when verbose set to true.
It may not be a grave concern for staging environment as verbose are not logged
there but it is still unethical to print such details.

jleroux: I decided to rather comment out the line which might still be useful
in some cases...

Thanks: Aditya Sharma
------------------------------------------------------------------------


Modified:
    ofbiz/branches/release16.11/   (props changed)
    ofbiz/branches/release16.11/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java

Propchange: ofbiz/branches/release16.11/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Apr 14 11:04:57 2017
@@ -10,5 +10,5 @@
 /ofbiz/branches/json-integration-refactoring:1634077-1635900
 /ofbiz/branches/multitenant20100310:921280-927264
 /ofbiz/branches/release13.07:1547657
-/ofbiz/ofbiz-framework/trunk:1783202,1783388,1784549,1784558,1784708,1785882,1785925,1786079,1786214,1786525,1787047,1787133,1787176,1787535,1787906-1787911,1787949,1789665,1789863,1789874,1790810,1791277,1791288,1791342
+/ofbiz/ofbiz-framework/trunk:1783202,1783388,1784549,1784558,1784708,1785882,1785925,1786079,1786214,1786525,1787047,1787133,1787176,1787535,1787906-1787911,1787949,1789665,1789863,1789874,1790810,1791277,1791288,1791342,1791346
 /ofbiz/trunk:1770481,1770490,1770540,1771440,1771448,1771516,1771935,1772346,1772880,1774772,1775441,1779724,1780659,1781109,1781125,1781979,1782498,1782520

Modified: ofbiz/branches/release16.11/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/release16.11/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java?rev=1791347&r1=1791346&r2=1791347&view=diff
==============================================================================
--- ofbiz/branches/release16.11/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java (original)
+++ ofbiz/branches/release16.11/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java Fri Apr 14 11:04:57 2017
@@ -158,7 +158,7 @@ public final class UtilHttp {
 
         if (Debug.verboseOn()) {
             Debug.logVerbose("Made Request Parameter Map with [" + paramMap.size() + "] Entries", module);
-            Debug.logVerbose("Request Parameter Map Entries: " + System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module);
+            //Debug.logVerbose("Request Parameter Map Entries: " + System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module); see OFBIZ-9310
         }
 
         return canonicalizeParameterMap(paramMap);