author | Frédéric Buclin <LpSolit@gmail.com> | 2015-12-16 22:25:29 +0100 |
committer | Frédéric Buclin <LpSolit@gmail.com> | 2015-12-16 22:25:29 +0100 |
commit | b77d2178be56354b76a91c14b0dbe6bbccb1cec7 (patch) | |
tree | 23752ab32ad5c9de2db2f380c4dc0cfca44b9817 /Bugzilla/Object.pm | |
parent | 8a4cfa905ed78bb1f46865c5d660337e8982e385 (diff) | |
Bug 1232578: Don't save hashed passwords in audit_log
r/a=dkl
Diffstat (limited to 'Bugzilla/Object.pm')
-rw-r--r-- | Bugzilla/Object.pm | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/Bugzilla/Object.pm b/Bugzilla/Object.pm
index 8f25e2b20..d43c8ca34 100644
--- a/Bugzilla/Object.pm
+++ b/Bugzilla/Object.pm
@@ -599,11 +599,29 @@ sub audit_log {
     foreach my $field (keys %$changes) {
         # Skip private changes.
         next if $field =~ /^_/;
-        my ($from, $to) = @{ $changes->{$field} };
+        my ($from, $to) = $self->_sanitize_audit_log($field, $changes->{$field});
         $sth->execute($user_id, $class, $self->id, $field, $from, $to);
     }
 }
 
+sub _sanitize_audit_log {
+    my ($self, $field, $changes) = @_;
+    my $class = ref($self) || $self;
+
+    # Do not store hashed passwords. Only record the algorithm used to encode them.
+    if ($class eq 'Bugzilla::User' && $field eq 'cryptpassword') {
+        foreach my $passwd (@$changes) {
+            next unless $passwd;
+            my $algorithm = 'unknown_algorithm';
+            if ($passwd =~ /{([^}]+)}$/) {
+                $algorithm = $1;
+            }
+            $passwd = "hashed_with_$algorithm";
+        }
+    }
+    return @$changes;
+}
+
 sub flatten_to_hash {
     my $self = shift;
     my $class = blessed($self);
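Review bot: The guard in `_sanitize_audit_log` compares the exact class name, `$class eq 'Bugzilla::User'`, so an object of any subclass of Bugzilla::User would fail the check and its `cryptpassword` hash would be written to audit_log unredacted — the very thing this commit sets out to prevent; `if ($self->isa('Bugzilla::User') && $field eq 'cryptpassword') {` covers subclasses as well (and still works for a bare class-name invocation, which the `ref($self) || $self` line suggests is intended). Separately, `foreach my $passwd (@$changes)` aliases the elements of the arrayref the caller passed in, so `$passwd = "hashed_with_$algorithm"` rewrites `$changes->{$field}` in audit_log's caller too; if that is not intended, iterate over a copy (`my @values = @$changes;` … `foreach my $passwd (@values)` … `return @values;`). As a minor point of style, `/{([^}]+)}$/` would be more robust as `/\{([^}]+)\}\z/` — escaping the braces avoids the unescaped-left-brace warnings newer Perls emit in some positions, and `\z` does not admit a trailing newline the way `$` does. The enclosing `audit_log` body begins before this hunk.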