Hide PHP_AUTH_PW into debugbar

2023-03-19 11:06:48 +01:00 · 2023-03-19 11:06:48 +01:00 · 6b01edbf01
commit 6b01edbf01
parent dbf5ebe7ee
2 changed files with 12 additions and 1 deletions
--- a/htdocs/admin/system/phpinfo.php
+++ b/htdocs/admin/system/phpinfo.php
@ -252,6 +252,7 @@ foreach ($phparray as $key => $value) {
 		if (!is_array($keyvalue)) {
 			$keytoshow = $keyparam;
 			$valtoshow = $keyvalue;
+
 			// Hide value of session cookies
 			if (in_array($keyparam, array('HTTP_COOKIE', 'Cookie', "\$_SERVER['HTTP_COOKIE']", 'Authorization'))) {
 				$valtoshow = '<span class="opacitymedium">'.$langs->trans("Hidden").'</span>';
@ -260,6 +261,10 @@ foreach ($phparray as $key => $value) {
 				$keytoshow = $keyparam;
 				$valtoshow = '<span class="opacitymedium">'.$langs->trans("Hidden").'</span>';
 			}
+			if (preg_match('/'.preg_quote('$_SERVER[\'PHP_AUTH_PW', '/').'/i', $keyparam)) {
+				$keytoshow = $keyparam;
+				$valtoshow = '<span class="opacitymedium">'.$langs->trans("Hidden").'</span>';
+			}

 			print '<tr class="oddeven">';
 			print '<td>'.$keytoshow.'</td>';
--- a/htdocs/debugbar/class/DataCollector/DolRequestDataCollector.php
+++ b/htdocs/debugbar/class/DataCollector/DolRequestDataCollector.php
@ -51,7 +51,13 @@ class DolRequestDataCollector extends RequestDataCollector
 					}
 					//var_dump($arrayofvalues);
 				}
-
+				if ($var == '_SERVER') {
+					foreach ($arrayofvalues as $key => $val) {
+						if (preg_match('/^PHP_AUTH_PW/', $key)) {
+							$arrayofvalues[$key] = '*****hidden*****';
+						}
+					}
+				}
 				$data["$".$var] = $this->getDataFormatter()->formatVar($arrayofvalues);
 			}
 		}