OFBiz › OFBiz - Notifications

[jira] [Closed] (OFBIZ-9310) On setting verbose true, UtilHttp.getParameterMap() method prints username and password in logs

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

1 message

Nicolas Malin (Jira)

[jira] [Closed] (OFBIZ-9310) On setting verbose true, UtilHttp.getParameterMap() method prints username and password in logs

[ https://issues.apache.org/jira/browse/OFBIZ-9310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux closed OFBIZ-9310.
----------------------------------
Resolution: Fixed
Fix Version/s: Release Branch 14.12
Release Branch 15.12
16.11.02
Upcoming Release

Thanks Aditya,

I decided to rather comment out the line which might still be useful in some cases...

Fixed in
trunk r1791346
R16.11 r1791347
R15.12 and 14.12 r1791348

> On setting verbose true, UtilHttp.getParameterMap() method prints username and password in logs
> -----------------------------------------------------------------------------------------------
>
> Key: OFBIZ-9310
> URL: https://issues.apache.org/jira/browse/OFBIZ-9310
> Project: OFBiz
> Issue Type: Sub-task
> Reporter: Aditya Sharma
> Assignee: Jacques Le Roux
> Fix For: Upcoming Release, 16.11.02, Release Branch 15.12, Release Branch 14.12
>
> Attachments: OFBIZ-9310.patch
>
>
> In UtilHttp.getParameterMap(HttpServletRequest request, Set<? extends String> nameSet, Boolean onlyIncludeOrSkip) method, following line of code prints username and password in logs when verbose is set to true.
> if (Debug.verboseOn()) {
> Debug.logVerbose("Made Request Parameter Map with [" + paramMap.size() + "] Entries", module);
> Debug.logVerbose("Request Parameter Map Entries: " + System.getProperty("line.separator") + UtilMisc.printMap(paramMap), module);
> }

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)