Skip to content

Commit

Permalink
FIX Generic substitution of constant disabled for sensitive constant
Browse files Browse the repository at this point in the history
  • Loading branch information
@eldy
eldy committed Feb 24, 2018
1 parent 619e0d3 commit a5b1f11
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion htdocs/core/lib/functions.lib.php
View file
Expand Up @@ -5685,7 +5685,8 @@ function make_substitutions($text, $substitutionarray, $outputlangs=null)
if (dol_textishtml($text,1)) $msgishtml = 1;

$keyfound = $reg[1];
$newval=empty($conf->global->$keyfound)?'':$conf->global->$keyfound;
if (preg_match('/(_pass|password|secret|_key|key$)/i', $keyfound)) $newval = '*****forbidden*****';
else $newval=empty($conf->global->$keyfound)?'':$conf->global->$keyfound;
$text = preg_replace('/__\['.preg_quote($keyfound, '/').'\]__/', $msgishtml?dol_htmlentitiesbr($newval):$newval, $text);
}

Expand Down

0 comments on commit a5b1f11

Please sign in to comment.