svn commit: r1791348 - in /ofbiz/branches: release14.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java release15.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

svn commit: r1791348 - in /ofbiz/branches: release14.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java release15.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java

jleroux@apache.org
Author: jleroux
Date: Fri Apr 14 11:06:51 2017
New Revision: 1791348

URL: http://svn.apache.org/viewvc?rev=1791348&view=rev
Log:
"Applied fix from trunk framework BY HAND for revision: 1791346"
------------------------------------------------------------------------
r1791346 | jleroux | 2017-04-14 13:04:04 +0200 (ven. 14 avr. 2017) | 21 lignes

Fixed: On setting verbose true, UtilHttp.getParameterMap() method prints
username and password in logs
(OFBIZ-9310)

In UtilHttp.getParameterMap(HttpServletRequest request, Set<? extends String>...
method, following line of code prints username and password in logs when verbose
 is set to true.

Debug.logVerbose("Request Parameter Map Entries: " +
System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module);

Aditya suggested:
Removed the line that prints "Request Parameter Map Entries" as it may print
username and password entered by user when verbose set to true.
It may not be a grave concern for staging environment as verbose are not logged
there but it is still unethical to print such details.

jleroux: I decided to rather comment out the line which might still be useful
in some cases...

Thanks: Aditya Sharma
------------------------------------------------------------------------

Modified:
    ofbiz/branches/release14.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java
    ofbiz/branches/release15.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java

Modified: ofbiz/branches/release14.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/release14.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java?rev=1791348&r1=1791347&r2=1791348&view=diff
==============================================================================
--- ofbiz/branches/release14.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java (original)
+++ ofbiz/branches/release14.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java Fri Apr 14 11:06:51 2017
@@ -147,7 +147,7 @@ public class UtilHttp {
 
         if (Debug.verboseOn()) {
             Debug.logVerbose("Made Request Parameter Map with [" + paramMap.size() + "] Entries", module);
-            Debug.logVerbose("Request Parameter Map Entries: " + System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module);
+          //Debug.logVerbose("Request Parameter Map Entries: " + System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module); see OFBIZ-9310
         }
 
         return canonicalizeParameterMap(paramMap);

Modified: ofbiz/branches/release15.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/release15.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java?rev=1791348&r1=1791347&r2=1791348&view=diff
==============================================================================
--- ofbiz/branches/release15.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java (original)
+++ ofbiz/branches/release15.12/framework/base/src/org/ofbiz/base/util/UtilHttp.java Fri Apr 14 11:06:51 2017
@@ -156,7 +156,7 @@ public class UtilHttp {
 
         if (Debug.verboseOn()) {
             Debug.logVerbose("Made Request Parameter Map with [" + paramMap.size() + "] Entries", module);
-            Debug.logVerbose("Request Parameter Map Entries: " + System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module);
+          //Debug.logVerbose("Request Parameter Map Entries: " + System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module); see OFBIZ-9310
         }
 
         return canonicalizeParameterMap(paramMap);