From 9b9ed3199709bcabcdda10e1f9191b069fc4fadc Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Tue, 15 Nov 2022 09:36:35 +0100
Subject: [PATCH] Sec: Hide sensitive data in phpinfo
---
 htdocs/admin/system/phpinfo.php | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/htdocs/admin/system/phpinfo.php b/htdocs/admin/system/phpinfo.php
index d8a0b384971..301231b1e4c 100644
--- a/htdocs/admin/system/phpinfo.php
+++ b/htdocs/admin/system/phpinfo.php
@@ -250,9 +250,19 @@ foreach ($phparray as $key => $value) {
 //var_dump($value);
 foreach ($value as $keyparam => $keyvalue) {
 if (!is_array($keyvalue)) {
- print '';
- print ''.$keyparam.'';
+ $keytoshow = $keyparam;
 $valtoshow = $keyvalue;
+ // Hide value of session cookies
+ if (in_array($keyparam, array('HTTP_COOKIE', 'Cookie', "\$_SERVER['HTTP_COOKIE']", 'Authorization'))) {
+ $valtoshow = ''.$langs->trans("Hidden").'';
+ }
+ if (preg_match('/'.preg_quote('$_COOKIE[\'DOLSESSID_', '/').'/i', $keyparam)) {
+ $keytoshow = $keyparam;
+ $valtoshow = ''.$langs->trans("Hidden").'';
+ }
+
+ print '';
+ print ''.$keytoshow.'';
 if ($keyparam == 'X-ChromePhp-Data') {
 $valtoshow = dol_trunc($keyvalue, 80);
 }
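Review bot: The exact-match list in the added `in_array()` check covers the cookie under three spellings but `Authorization` under only one, so the same credential would still be printed if it also appears as `HTTP_AUTHORIZATION` or `$_SERVER['HTTP_AUTHORIZATION']` (and a Basic-auth password as `$_SERVER['PHP_AUTH_PW']`); whether those keys occur depends on how `$phparray` is built, which is outside the hunk. I would extend the list, e.g. `array('HTTP_COOKIE', 'Cookie', "\$_SERVER['HTTP_COOKIE']", 'Authorization', 'HTTP_AUTHORIZATION', "\$_SERVER['HTTP_AUTHORIZATION']", "\$_SERVER['PHP_AUTH_PW']")`, and pass `true` as the third argument so integer keys are not loosely compared. The match is also case-sensitive, unlike the `/i` pattern used for `DOLSESSID_`, so a header name that arrives with different casing would be shown in clear. The second `$keytoshow = $keyparam;` inside the `preg_match` branch is redundant. The enclosing `foreach` continues past the hunk, so any later branch that reassigns `$valtoshow` from `$keyvalue` should be checked for undoing the masking.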