[Zope-Checkins]
SVN: Zope/trunk/lib/python/ZPublisher/HTTPRequest.py
Merge heavy-handed fix for Collector #777 from 2.7 branch.
Tres Seaver
tseaver at zope.com
Wed May 19 14:13:44 EDT 2004
Log message for revision 24828:
Merge heavy-handed fix for Collector #777 from 2.7 branch.
-=-
Modified: Zope/trunk/lib/python/ZPublisher/HTTPRequest.py
===================================================================
--- Zope/trunk/lib/python/ZPublisher/HTTPRequest.py 2004-05-19 17:02:42 UTC (rev 24827)
+++ Zope/trunk/lib/python/ZPublisher/HTTPRequest.py 2004-05-19 18:13:44 UTC (rev 24828)
@@ -1259,16 +1259,16 @@
def __str__(self):
result="<h3>form</h3><table>"
row='<tr valign="top" align="left"><th>%s</th><td>%s</td></tr>'
- for k,v in self.form.items():
+ for k,v in _filterPasswordFields(self.form.items()):
result=result + row % (escape(k), escape(repr(v)))
result=result+"</table><h3>cookies</h3><table>"
- for k,v in self.cookies.items():
+ for k,v in _filterPasswordFields(self.cookies.items()):
result=result + row % (escape(k), escape(repr(v)))
result=result+"</table><h3>lazy items</h3><table>"
- for k,v in self._lazies.items():
+ for k,v in _filterPasswordFields(self._lazies.items()):
result=result + row % (escape(k), escape(repr(v)))
result=result+"</table><h3>other</h3><table>"
- for k,v in self.other.items():
+ for k,v in _filterPasswordFields(self.other.items()):
if k in ('PARENTS','RESPONSE'): continue
result=result + row % (escape(k), escape(repr(v)))
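Review bot: In all four wrapped loops the value is still rendered with `repr(v)` whenever its top-level key does not match, so a secret held inside a structured value (for instance a record- or dict-like form value with its own password attribute) would still appear in the generated HTML. `__str__` continues past the last visible line of this hunk, so it cannot be confirmed here that every table the method builds goes through `_filterPasswordFields`. Any later section that iterates `.items()` directly would need the same wrapping, and so would any other rendering of the request in this class, if one exists. A short comment above the first loop, such as `# Collector #777: every section rendered below must go through _filterPasswordFields`, would help keep future sections consistent.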
@@ -1517,7 +1517,21 @@
EMPTY=16
CONVERTED=32
+# Collector #777: filter out request fields which contain 'passw'
+def _filterPasswordFields(items):
+ result = []
+
+ for k, v in items:
+
+ if 'passw' in k.lower():
+ v = '<password obscured>'
+
+ result.append((k, v))
+
+ return result
+
+
# The trusted_proxies configuration setting contains a sequence
# of front-end proxies that are trusted to supply an accurate
# X_FORWARDED_FOR header. If REMOTE_ADDR is one of the values in this list
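Review bot: `_filterPasswordFields` decides solely on the substring `'passw'` in the key name, so credentials carried under other names (a `pwd` field, a session or authentication cookie, an authorization header) pass through unobscured. A module-level tuple such as `_OBSCURED_KEY_MARKERS = ('passw', 'pwd', 'secret')`, tested with `if [m for m in _OBSCURED_KEY_MARKERS if m in k.lower()]:`, would make the list easy to extend and review. `k.lower()` also assumes every key is a string, so a non-string key in any of the mappings would make the request's string rendering raise; a guard like `isinstance(k, basestring)` may be worth adding. A docstring stating that only the key name is inspected and that values are never examined would make the helper's limits explicit to callers.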