Sec: Hide sensitive data in phpinfo

2022-11-15 09:36:35 +01:00 · 2022-11-15 09:36:35 +01:00 · 9b9ed31997
commit 9b9ed31997
parent 0c772945b6
1 changed files with 12 additions and 2 deletions
--- a/htdocs/admin/system/phpinfo.php
+++ b/htdocs/admin/system/phpinfo.php
@ -250,9 +250,19 @@ foreach ($phparray as $key => $value) {
 	//var_dump($value);
 	foreach ($value as $keyparam => $keyvalue) {
 		if (!is_array($keyvalue)) {
-			print '<tr class="oddeven">';
-			print '<td>'.$keyparam.'</td>';
+			$keytoshow = $keyparam;
 			$valtoshow = $keyvalue;
+			// Hide value of session cookies
+			if (in_array($keyparam, array('HTTP_COOKIE', 'Cookie', "\$_SERVER['HTTP_COOKIE']", 'Authorization'))) {
+				$valtoshow = '<span class="opacitymedium">'.$langs->trans("Hidden").'</span>';
+			}
+			if (preg_match('/'.preg_quote('$_COOKIE[\'DOLSESSID_', '/').'/i', $keyparam)) {
+				$keytoshow = $keyparam;
+				$valtoshow = '<span class="opacitymedium">'.$langs->trans("Hidden").'</span>';
+			}
+
+			print '<tr class="oddeven">';
+			print '<td>'.$keytoshow.'</td>';
 			if ($keyparam == 'X-ChromePhp-Data') {
 				$valtoshow = dol_trunc($keyvalue, 80);
 			}