From 774deaded1bc782b6a2670720e0fde3c7df7cde4 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Mon, 03 Feb 2014 09:34:55 -0500
Subject: [PATCH] Don't EVER log passwords

---
 plugins/password/drivers/ldap_simple.php |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/password/drivers/ldap_simple.php b/plugins/password/drivers/ldap_simple.php
index 47e3b07..3e167ea 100644
--- a/plugins/password/drivers/ldap_simple.php
+++ b/plugins/password/drivers/ldap_simple.php
@@ -113,7 +113,7 @@
             return PASSWORD_CRYPT_ERROR;
         }
 
-        $this->_debug("C: Bind $binddn [pass: $bindpw]");
+        $this->_debug("C: Bind $binddn, pass: **** [" . strlen($bindpw) . "]");
 
         // Bind
         if (!ldap_bind($ds, $binddn, $bindpw)) {
@@ -175,7 +175,7 @@
             return null;
         }
 
-        $this->_debug("C: Bind $search_user [pass: $search_pass]");
+        $this->_debug("C: Bind $search_user, pass: **** [" . strlen($search_pass) . "]");
 
         // Bind
         if (!ldap_bind($ds, $search_user, $search_pass)) {

--
Gitblit v1.9.1