From 44b637470c57f098d328bc6d298be9385d3f30c4 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Fri, 31 Jan 2014 12:28:21 +0100
Subject: [PATCH] remove passwords in URLs from all log messages

---
 lib/private/log/errorhandler.php | 15 ++++++++++++---
 lib/private/log/owncloud.php     |  1 -
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/lib/private/log/errorhandler.php b/lib/private/log/errorhandler.php
index 69cb960de91..4460468336b 100644
--- a/lib/private/log/errorhandler.php
+++ b/lib/private/log/errorhandler.php
@@ -14,6 +14,15 @@ class ErrorHandler {
 	/** @var LoggerInterface */
 	private static $logger;
 
+	/**
+	 * @brief remove password in URLs
+	 * @param string $msg
+	 * @return string
+	 */
+	private static function removePassword($msg) {
+		return preg_replace('/\/\/(.*):(.*)@/', '//xxx:xxx@', $msg);
+	}
+
 	public static function register() {
 		$handler = new ErrorHandler();
 
@@ -32,14 +41,14 @@ class ErrorHandler {
 		if($error && self::$logger) {
 			//ob_end_clean();
 			$msg = $error['message'] . ' at ' . $error['file'] . '#' . $error['line'];
-			self::$logger->critical($msg, array('app' => 'PHP'));
+			self::$logger->critical(self::removePassword($msg), array('app' => 'PHP'));
 		}
 	}
 
 	// Uncaught exception handler
 	public static function onException($exception) {
 		$msg = $exception->getMessage() . ' at ' . $exception->getFile() . '#' . $exception->getLine();
-		self::$logger->critical($msg, array('app' => 'PHP'));
+		self::$logger->critical(self::removePassword($msg), array('app' => 'PHP'));
 	}
 
 	//Recoverable errors handler
@@ -48,7 +57,7 @@ class ErrorHandler {
 			return;
 		}
 		$msg = $message . ' at ' . $file . '#' . $line;
-		self::$logger->warning($msg, array('app' => 'PHP'));
+		self::$logger->warning(self::removePassword($msg), array('app' => 'PHP'));
 
 	}
 }
diff --git a/lib/private/log/owncloud.php b/lib/private/log/owncloud.php
index 4c86d0e45e0..3590bbd436d 100644
--- a/lib/private/log/owncloud.php
+++ b/lib/private/log/owncloud.php
@@ -69,7 +69,6 @@ class OC_Log_Owncloud {
 			}
 			$time = new DateTime(null, $timezone);
 			// remove username/passswords from URLs before writing the to the log file
-			$message = preg_replace('/\/\/(.*):(.*)@/', '//xxx:xxx@', $message);
 			$entry=array('app'=>$app, 'message'=>$message, 'level'=>$level, 'time'=> $time->format($format));
 			$entry = json_encode($entry);
 			$handle = @fopen(self::$logFile, 'a');
-- 
GitLab