Posted to commits@whimsical.apache.org by Sebastian Bazley <se...@apache.org> on 2016/03/19 11:34:19 UTC

[whimsy.git] [1/1] Commit d2bfc21: Although should only be visible to logged in user, it's safer not to

Commit d2bfc2140c08d32492b1083838d1840454cdd677:
    Although should only be visible to logged in user, it's safer not to
    expose the value


Branch: refs/heads/master
Author: Sebb <se...@apache.org>
Committer: Sebb <se...@apache.org>
Pusher: sebb <se...@apache.org>

------------------------------------------------------------
www/board/test.cgi                                           | +++++++ 
www/committers/test.cgi                                      | +++++++ 
www/members/test.cgi                                         | +++++++ 
www/test.cgi                                                 | +++++++ 
------------------------------------------------------------
28 changes: 28 additions, 0 deletions.
------------------------------------------------------------


diff --git a/www/board/test.cgi b/www/board/test.cgi
index 2116558..89fc2ad 100755
--- a/www/board/test.cgi
+++ b/www/board/test.cgi
@@ -5,6 +5,13 @@ print "Content-type: text/plain\r\n\r\n"
 #print ENV.inspect
 
 ENV.sort.each do |k,v|
+  if k.eql? 'HTTP_AUTHORIZATION'
+      # cannot use sub! because value is fozen
+      # redact non-empty string
+      if v and not v.empty?
+        v = '<redacted>'
+      end
+  end
   print "#{k} #{v}\n"
 end
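Review bot: The redaction added inside the `ENV.sort.each` loop matches only the exact key `HTTP_AUTHORIZATION`, so any other credential-bearing variable the server hands to the CGI (for example `HTTP_COOKIE` or `HTTP_PROXY_AUTHORIZATION`, if they are set on these paths) is still printed in full. A short list checked in one place would be easier to extend: `SENSITIVE = %w[HTTP_AUTHORIZATION HTTP_PROXY_AUTHORIZATION HTTP_COOKIE].freeze` above the loop and `v = '<redacted>' if SENSITIVE.include?(k) && !v.empty?` inside it. The `v and` test can be dropped, because values yielded from `ENV` are never nil. The comment should read `# cannot use sub! because value is frozen`, and the inner lines are indented six spaces under a two-space `if`. The same block is repeated verbatim in the hunks for www/committers/test.cgi, www/members/test.cgi and www/test.cgi, so this note covers all four files.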
 
diff --git a/www/committers/test.cgi b/www/committers/test.cgi
index 2116558..89fc2ad 100755
--- a/www/committers/test.cgi
+++ b/www/committers/test.cgi
@@ -5,6 +5,13 @@ print "Content-type: text/plain\r\n\r\n"
 #print ENV.inspect
 
 ENV.sort.each do |k,v|
+  if k.eql? 'HTTP_AUTHORIZATION'
+      # cannot use sub! because value is fozen
+      # redact non-empty string
+      if v and not v.empty?
+        v = '<redacted>'
+      end
+  end
   print "#{k} #{v}\n"
 end
 
diff --git a/www/members/test.cgi b/www/members/test.cgi
index 2116558..89fc2ad 100755
--- a/www/members/test.cgi
+++ b/www/members/test.cgi
@@ -5,6 +5,13 @@ print "Content-type: text/plain\r\n\r\n"
 #print ENV.inspect
 
 ENV.sort.each do |k,v|
+  if k.eql? 'HTTP_AUTHORIZATION'
+      # cannot use sub! because value is fozen
+      # redact non-empty string
+      if v and not v.empty?
+        v = '<redacted>'
+      end
+  end
   print "#{k} #{v}\n"
 end
 
diff --git a/www/test.cgi b/www/test.cgi
index 2116558..89fc2ad 100755
--- a/www/test.cgi
+++ b/www/test.cgi
@@ -5,6 +5,13 @@ print "Content-type: text/plain\r\n\r\n"
 #print ENV.inspect
 
 ENV.sort.each do |k,v|
+  if k.eql? 'HTTP_AUTHORIZATION'
+      # cannot use sub! because value is fozen
+      # redact non-empty string
+      if v and not v.empty?
+        v = '<redacted>'
+      end
+  end
   print "#{k} #{v}\n"
 end