From 774deaded1bc782b6a2670720e0fde3c7df7cde4 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Mon, 03 Feb 2014 09:34:55 -0500
Subject: [PATCH] Don't EVER log passwords

---
 program/lib/Roundcube/rcube_ldap_generic.php |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/program/lib/Roundcube/rcube_ldap_generic.php b/program/lib/Roundcube/rcube_ldap_generic.php
index 923a12a..b85afe4 100644
--- a/program/lib/Roundcube/rcube_ldap_generic.php
+++ b/program/lib/Roundcube/rcube_ldap_generic.php
@@ -240,7 +240,7 @@
             $method = 'DIGEST-MD5';
         }
 
-        $this->_debug("C: SASL Bind [mech: $method, authc: $authc, authz: $authz, pass: $pass]");
+        $this->_debug("C: SASL Bind [mech: $method, authc: $authc, authz: $authz, pass: **** [" . strlen($pass) . "]");
 
         if (ldap_sasl_bind($this->conn, NULL, $pass, $method, NULL, $authc, $authz)) {
             $this->_debug("S: OK");
@@ -271,7 +271,7 @@
             return false;
         }
 
-        $this->_debug("C: Bind $dn [pass: $pass]");
+        $this->_debug("C: Bind $dn, pass: **** [" . strlen($pass) . "]");
 
         if (@ldap_bind($this->conn, $dn, $pass)) {
             $this->_debug("S: OK");

--
Gitblit v1.9.1