You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@whimsical.apache.org by Sebastian Bazley <se...@apache.org> on 2016/03/19 11:34:19 UTC
[whimsy.git] [1/1] Commit d2bfc21: Although should only be visible to logged in user, it's safer not to
Commit d2bfc2140c08d32492b1083838d1840454cdd677:
Although should only be visible to logged in user, it's safer not to
expose the value
Branch: refs/heads/master
Author: Sebb <se...@apache.org>
Committer: Sebb <se...@apache.org>
Pusher: sebb <se...@apache.org>
------------------------------------------------------------
www/board/test.cgi | +++++++
www/committers/test.cgi | +++++++
www/members/test.cgi | +++++++
www/test.cgi | +++++++
------------------------------------------------------------
28 changes: 28 additions, 0 deletions.
------------------------------------------------------------
diff --git a/www/board/test.cgi b/www/board/test.cgi
index 2116558..89fc2ad 100755
--- a/www/board/test.cgi
+++ b/www/board/test.cgi
@@ -5,6 +5,13 @@ print "Content-type: text/plain\r\n\r\n"
#print ENV.inspect
ENV.sort.each do |k,v|
+ if k.eql? 'HTTP_AUTHORIZATION'
+ # cannot use sub! because value is fozen
+ # redact non-empty string
+ if v and not v.empty?
+ v = '<redacted>'
+ end
+ end
print "#{k} #{v}\n"
end
diff --git a/www/committers/test.cgi b/www/committers/test.cgi
index 2116558..89fc2ad 100755
--- a/www/committers/test.cgi
+++ b/www/committers/test.cgi
@@ -5,6 +5,13 @@ print "Content-type: text/plain\r\n\r\n"
#print ENV.inspect
ENV.sort.each do |k,v|
+ if k.eql? 'HTTP_AUTHORIZATION'
+ # cannot use sub! because value is fozen
+ # redact non-empty string
+ if v and not v.empty?
+ v = '<redacted>'
+ end
+ end
print "#{k} #{v}\n"
end
diff --git a/www/members/test.cgi b/www/members/test.cgi
index 2116558..89fc2ad 100755
--- a/www/members/test.cgi
+++ b/www/members/test.cgi
@@ -5,6 +5,13 @@ print "Content-type: text/plain\r\n\r\n"
#print ENV.inspect
ENV.sort.each do |k,v|
+ if k.eql? 'HTTP_AUTHORIZATION'
+ # cannot use sub! because value is fozen
+ # redact non-empty string
+ if v and not v.empty?
+ v = '<redacted>'
+ end
+ end
print "#{k} #{v}\n"
end
diff --git a/www/test.cgi b/www/test.cgi
index 2116558..89fc2ad 100755
--- a/www/test.cgi
+++ b/www/test.cgi
@@ -5,6 +5,13 @@ print "Content-type: text/plain\r\n\r\n"
#print ENV.inspect
ENV.sort.each do |k,v|
+ if k.eql? 'HTTP_AUTHORIZATION'
+ # cannot use sub! because value is fozen
+ # redact non-empty string
+ if v and not v.empty?
+ v = '<redacted>'
+ end
+ end
print "#{k} #{v}\n"
end