dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d438553) | patch
SECURITY: API: Don't log "sensitive" parameters
authorBrad Jorsch <bjorsch@wikimedia.org>
Thu, 18 Aug 2016 17:37:05 +0000 (13:37 -0400)
committerChad Horohoe <chadh@wikimedia.org>
Thu, 6 Apr 2017 20:42:48 +0000 (13:42 -0700)
commit4d38a489b075fbd0a4c9ec228f83295cf9b9c5fc
tree3aa1a842312a6e438329d9c05088ad1706365917tree | snapshot
parentd4385537bcd8284936cbcafcc84718dcc9b52181commit | diff
SECURITY: API: Don't log "sensitive" parameters

Stuff like passwords and CSRF tokens shouldn't be in the logs.

The fact of being sensitive is intentionally separated from the need to
be in the POST body because, for example, the wltoken parameter to
ApiQueryWatchlist needs to be in the query string to serve its purpose
but still shouldn't be logged.

Bug: T125177
Change-Id: I1d61f4dcf792d77401ee2e2988b1afcb2a2ad58f
RELEASE-NOTES-1.29 diff | blob | history
includes/api/ApiAuthManagerHelper.php diff | blob | history
includes/api/ApiBase.php diff | blob | history
includes/api/ApiCheckToken.php diff | blob | history
includes/api/ApiLogin.php diff | blob | history
includes/api/ApiMain.php diff | blob | history
includes/api/ApiQueryWatchlist.php diff | blob | history
includes/api/ApiQueryWatchlistRaw.php diff | blob | history
Wiklou, le Wiki du Wiklou