Hide db credentials

To protect users who have publically accessible installs with debug
turned on - *** out db login credentials

Author: AD7six

cake/libs/debugger.php

@@ -499,6 +499,16 @@ function exportVar($var, $recursion = 0) {
 			case 'object':
 				return get_class($var) . "\n" . $_this->__object($var);
 			case 'array':
+				$var = array_merge($var,  array_intersect_key(array(
+					'password' => '*****',
+					'login'  => '*****',
+					'host' => '*****',
+					'database' => '*****',
+					'port' => '*****',
+					'prefix' => '*****',
+					'schema' => '*****'
+				), $var));
+
 				$out = "array(";
 				$vars = array();
 				foreach ($var as $key => $val) {

cake/tests/cases/libs/debugger.test.php

@@ -333,4 +333,40 @@ function testGetInstance() {
 		$result =& Debugger::getInstance('Debugger');
 		$this->assertIsA($result, 'Debugger');
 	}
+
+/**
+ * testNoDbCredentials
+ *
+ * If a connection error occurs, the config variable is passed through exportVar
+ * *** our database login credentials such that they are never visible
+ *
+ * @access public
+ * @return void
+ */
+	function testNoDbCredentials() {
+		$config = array(
+			'driver' => 'mysql',
+			'persistent' => false,
+			'host' => 'void.cakephp.org',
+			'login' => 'cakephp-user',
+			'password' => 'cakephp-password',
+			'database' => 'cakephp-database',
+			'prefix' => ''
+		);
+
+		$output = Debugger::exportVar($config);
+
+		$expectedArray = array(
+			'driver' => 'mysql',
+			'persistent' => false,
+			'host' => '*****',
+			'login' => '*****',
+			'password' => '*****',
+			'database' => '*****',
+			'prefix' => ''
+		);
+		$expected = Debugger::exportVar($expectedArray);
+
+		$this->assertEqual($expected, $output);
+	}
 }