SF.net SVN: bzflag:[22833] trunk/web/bzfls/bzfls.php

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Revision: 22833
          http://sourceforge.net/p/bzflag/code/22833
Author:   blast007
Date:     2014-11-29 01:27:28 +0000 (Sat, 29 Nov 2014)
Log Message:
-----------
Never dump password information (hashed or otherwise) to the log.

Modified Paths:
--------------
    trunk/web/bzfls/bzfls.php

Modified: trunk/web/bzfls/bzfls.php
===================================================================

--- trunk/web/bzfls/bzfls.php	2014-11-29 01:25:47 UTC (rev 22832)
+++ trunk/web/bzfls/bzfls.php	2014-11-29 01:27:28 UTC (rev 22833)
@@ -12,9 +12,6 @@
 // IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 // WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 
-
-define ('MD5_PASSWORD', true);
-
 define('IN_PHPBB', true);
 $phpbb_root_path = '../../forums.bzflag.org/htdocs/';
 $phpEx = 'php';
@@ -105,8 +102,8 @@
   foreach ($a as $key => $val){
     if (!strlen($msg))
       $msg .= ', ';
-    if (MD5_PASSWORD && strncasecmp ($key, "PASS", 4)==0)
-      $val = md5($val);
+    if (strncasecmp ($key, "PASS", 4)==0)
+      $val = "**PASSWORD FILTERED**";
     $msg .= "$key=$val";
   }
   return str_replace (array ("\r", "\n"), array ('<\r>', '<\n>'), $msg);

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.



