You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by Jacques Le Roux <ja...@les7arts.com> on 2017/04/14 11:36:26 UTC
Re: svn commit: r1791346 -
/ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/
base/util/UtilHttp.java
This is a particular case as explained in the commit
Jacques
Le 14/04/2017 � 13:27, Taher Alkhateeb a �crit :
> It is usually bad practice to comment out code as discussed in other
> threads. I recommend either keeping or deleting that bit of code.
>
> On Apr 14, 2017 2:04 PM, <jl...@apache.org> wrote:
>
>> Author: jleroux
>> Date: Fri Apr 14 11:04:04 2017
>> New Revision: 1791346
>>
>> URL: http://svn.apache.org/viewvc?rev=1791346&view=rev
>> Log:
>> Fixed: On setting verbose true, UtilHttp.getParameterMap() method prints
>> username and password in logs
>> (OFBIZ-9310)
>>
>> In UtilHttp.getParameterMap(HttpServletRequest request, Set<? extends
>> String>...
>> method, following line of code prints username and password in logs when
>> verbose
>> is set to true.
>>
>> Debug.logVerbose("Request Parameter Map Entries: " +
>> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
>> module);
>>
>> Aditya suggested:
>> Removed the line that prints "Request Parameter Map Entries" as it may
>> print
>> username and password entered by user when verbose set to true.
>> It may not be a grave concern for staging environment as verbose are not
>> logged
>> there but it is still unethical to print such details.
>>
>> jleroux: I decided to rather comment out the line which might still be
>> useful
>> in some cases...
>>
>> Thanks: Aditya Sharma
>>
>> Modified:
>> ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>> org/apache/ofbiz/base/util/UtilHttp.java
>>
>> Modified: ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>> org/apache/ofbiz/base/util/UtilHttp.java
>> URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/
>> framework/base/src/main/java/org/apache/ofbiz/base/util/
>> UtilHttp.java?rev=1791346&r1=1791345&r2=1791346&view=diff
>> ============================================================
>> ==================
>> --- ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>> org/apache/ofbiz/base/util/UtilHttp.java (original)
>> +++ ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>> org/apache/ofbiz/base/util/UtilHttp.java Fri Apr 14 11:04:04 2017
>> @@ -158,7 +158,7 @@ public final class UtilHttp {
>>
>> if (Debug.verboseOn()) {
>> Debug.logVerbose("Made Request Parameter Map with [" +
>> paramMap.size() + "] Entries", module);
>> - Debug.logVerbose("Request Parameter Map Entries: " +
>> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
>> module);
>> + //Debug.logVerbose("Request Parameter Map Entries: " +
>> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
>> module); see OFBIZ-9310
>> }
>>
>> return canonicalizeParameterMap(paramMap);
>>
>>
>>
Re: svn commit: r1791346 -
/ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/
base/util/UtilHttp.java
Posted by Jacques Le Roux <ja...@les7arts.com>.
Because you can't easily retrieve a such line from history if you don't know it existed, having it ready is handy.
I agree with the idea of removing superfluous lines in general, but there can be exceptions in rules, this is one.
This said if you really feel a need to remove it, I let your scratch your itch :)
Jacques
Le 14/04/2017 � 13:55, Taher Alkhateeb a �crit :
> To my understanding all commented out code is commented out because it
> "might still be useful". And if something "might be useful" then you can
> always find it in source control. There is no specific reason that I saw in
> your comment beyond "might be useful" to warrant keeping it as far as I
> read.
>
> On Apr 14, 2017 2:36 PM, "Jacques Le Roux" <ja...@les7arts.com>
> wrote:
>
> This is a particular case as explained in the commit
>
> Jacques
>
>
>
> Le 14/04/2017 � 13:27, Taher Alkhateeb a �crit :
>
>> It is usually bad practice to comment out code as discussed in other
>> threads. I recommend either keeping or deleting that bit of code.
>>
>> On Apr 14, 2017 2:04 PM, <jl...@apache.org> wrote:
>>
>> Author: jleroux
>>> Date: Fri Apr 14 11:04:04 2017
>>> New Revision: 1791346
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1791346&view=rev
>>> Log:
>>> Fixed: On setting verbose true, UtilHttp.getParameterMap() method prints
>>> username and password in logs
>>> (OFBIZ-9310)
>>>
>>> In UtilHttp.getParameterMap(HttpServletRequest request, Set<? extends
>>> String>...
>>> method, following line of code prints username and password in logs when
>>> verbose
>>> is set to true.
>>>
>>> Debug.logVerbose("Request Parameter Map Entries: " +
>>> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
>>> module);
>>>
>>> Aditya suggested:
>>> Removed the line that prints "Request Parameter Map Entries" as it may
>>> print
>>> username and password entered by user when verbose set to true.
>>> It may not be a grave concern for staging environment as verbose are not
>>> logged
>>> there but it is still unethical to print such details.
>>>
>>> jleroux: I decided to rather comment out the line which might still be
>>> useful
>>> in some cases...
>>>
>>> Thanks: Aditya Sharma
>>>
>>> Modified:
>>> ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>>> org/apache/ofbiz/base/util/UtilHttp.java
>>>
>>> Modified: ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>>> org/apache/ofbiz/base/util/UtilHttp.java
>>> URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/
>>> framework/base/src/main/java/org/apache/ofbiz/base/util/
>>> UtilHttp.java?rev=1791346&r1=1791345&r2=1791346&view=diff
>>> ============================================================
>>> ==================
>>> --- ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>>> org/apache/ofbiz/base/util/UtilHttp.java (original)
>>> +++ ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>>> org/apache/ofbiz/base/util/UtilHttp.java Fri Apr 14 11:04:04 2017
>>> @@ -158,7 +158,7 @@ public final class UtilHttp {
>>>
>>> if (Debug.verboseOn()) {
>>> Debug.logVerbose("Made Request Parameter Map with [" +
>>> paramMap.size() + "] Entries", module);
>>> - Debug.logVerbose("Request Parameter Map Entries: " +
>>> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
>>> module);
>>> + //Debug.logVerbose("Request Parameter Map Entries: " +
>>> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
>>> module); see OFBIZ-9310
>>> }
>>>
>>> return canonicalizeParameterMap(paramMap);
>>>
>>>
>>>
>>>
Re: svn commit: r1791346 - /ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/
base/util/UtilHttp.java
Posted by Taher Alkhateeb <sl...@gmail.com>.
To my understanding all commented out code is commented out because it
"might still be useful". And if something "might be useful" then you can
always find it in source control. There is no specific reason that I saw in
your comment beyond "might be useful" to warrant keeping it as far as I
read.
On Apr 14, 2017 2:36 PM, "Jacques Le Roux" <ja...@les7arts.com>
wrote:
This is a particular case as explained in the commit
Jacques
Le 14/04/2017 à 13:27, Taher Alkhateeb a écrit :
> It is usually bad practice to comment out code as discussed in other
> threads. I recommend either keeping or deleting that bit of code.
>
> On Apr 14, 2017 2:04 PM, <jl...@apache.org> wrote:
>
> Author: jleroux
>> Date: Fri Apr 14 11:04:04 2017
>> New Revision: 1791346
>>
>> URL: http://svn.apache.org/viewvc?rev=1791346&view=rev
>> Log:
>> Fixed: On setting verbose true, UtilHttp.getParameterMap() method prints
>> username and password in logs
>> (OFBIZ-9310)
>>
>> In UtilHttp.getParameterMap(HttpServletRequest request, Set<? extends
>> String>...
>> method, following line of code prints username and password in logs when
>> verbose
>> is set to true.
>>
>> Debug.logVerbose("Request Parameter Map Entries: " +
>> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
>> module);
>>
>> Aditya suggested:
>> Removed the line that prints "Request Parameter Map Entries" as it may
>> print
>> username and password entered by user when verbose set to true.
>> It may not be a grave concern for staging environment as verbose are not
>> logged
>> there but it is still unethical to print such details.
>>
>> jleroux: I decided to rather comment out the line which might still be
>> useful
>> in some cases...
>>
>> Thanks: Aditya Sharma
>>
>> Modified:
>> ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>> org/apache/ofbiz/base/util/UtilHttp.java
>>
>> Modified: ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>> org/apache/ofbiz/base/util/UtilHttp.java
>> URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/
>> framework/base/src/main/java/org/apache/ofbiz/base/util/
>> UtilHttp.java?rev=1791346&r1=1791345&r2=1791346&view=diff
>> ============================================================
>> ==================
>> --- ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>> org/apache/ofbiz/base/util/UtilHttp.java (original)
>> +++ ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>> org/apache/ofbiz/base/util/UtilHttp.java Fri Apr 14 11:04:04 2017
>> @@ -158,7 +158,7 @@ public final class UtilHttp {
>>
>> if (Debug.verboseOn()) {
>> Debug.logVerbose("Made Request Parameter Map with [" +
>> paramMap.size() + "] Entries", module);
>> - Debug.logVerbose("Request Parameter Map Entries: " +
>> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
>> module);
>> + //Debug.logVerbose("Request Parameter Map Entries: " +
>> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
>> module); see OFBIZ-9310
>> }
>>
>> return canonicalizeParameterMap(paramMap);
>>
>>
>>
>>