Author: jleroux
Date: Fri Apr 14 11:06:51 2017
New Revision: 1791348
URL: http://svn.apache.org/viewvc?rev=1791348&view=rev
Log:
"Applied fix from trunk framework BY HAND for revision: 1791346"
------------------------------------------------------------------------
r1791346 | jleroux | 2017-04-14 13:04:04 +0200 (ven. 14 avr. 2017) | 21 lignes
Fixed: On setting verbose true, UtilHttp.getParameterMap() method prints
username and password in logs
(OFBIZ-9310)
In UtilHttp.getParameterMap(HttpServletRequest request, Set<? extends String>...
method, the following line of code prints username and password in logs when verbose
is set to true.
Debug.logVerbose("Request Parameter Map Entries: " +
System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module);
Aditya suggested:
Removed the line that prints "Request Parameter Map Entries" as it may print
username and password entered by the user when verbose is set to true.
It may not be a grave concern for staging environment as verbose are not logged
there but it is still unethical to print such details.
jleroux: I decided to rather comment out the line which might still be useful
in some cases...
Thanks: Aditya Sharma
------------------------------------------------------------------------
Modified:
ofbiz/branches/release14.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java
ofbiz/branches/release15.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java
Modified: ofbiz/branches/release14.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/release14.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java?rev=1791348&r1=1791347&r2=1791348&view=diff
==============================================================================
--- ofbiz/branches/release14.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java (original)
+++ ofbiz/branches/release14.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java Fri Apr 14 11:06:51 2017
@@ -147,7 +147,7 @@ public class UtilHttp {
if (Debug.verboseOn()) {
Debug.logVerbose("Made Request Parameter Map with [" + paramMap.size() + "] Entries", module);
- Debug.logVerbose("Request Parameter Map Entries: " + System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module);
+ //Debug.logVerbose("Request Parameter Map Entries: " + System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module); see OFBIZ-9310
}
return canonicalizeParameterMap(paramMap);
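Review bot: the `+` line keeps the credential-dumping statement in the source as a comment, so the leak described in OFBIZ-9310 comes back as soon as someone uncomments it for debugging. Either delete the line outright, as the original suggestion proposed, or replace it with a statement that stays safe when enabled, for example logging only `paramMap.keySet()` or printing the map with the values of sensitive keys masked. The preceding `Debug.logVerbose("Made Request Parameter Map with [" + paramMap.size() + "] Entries", module);` already logs only the entry count and can stay as it is.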
Modified: ofbiz/branches/release15.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/release15.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java?rev=1791348&r1=1791347&r2=1791348&view=diff
==============================================================================
--- ofbiz/branches/release15.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java (original)
+++ ofbiz/branches/release15.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java Fri Apr 14 11:06:51 2017
@@ -156,7 +156,7 @@ public class UtilHttp {
if (Debug.verboseOn()) {
Debug.logVerbose("Made Request Parameter Map with [" + paramMap.size() + "] Entries", module);
- Debug.logVerbose("Request Parameter Map Entries: " + System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module);
+ //Debug.logVerbose("Request Parameter Map Entries: " + System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module); see OFBIZ-9310
}
return canonicalizeParameterMap(paramMap);
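Review bot: the trailing `see OFBIZ-9310` on the `+` line is the only explanation left in the code, and it does not say why the statement is disabled. A reader has to look up the ticket to learn that `UtilMisc.printMap(paramMap)` writes the submitted username and password to the log. Put a short comment above the disabled line stating that the parameter map can contain credentials and must not be logged unmasked, so the reason survives next to the code in this branch as well.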