Skip to content
Permalink
Browse files

Hide db credentials

To protect users who have publically accessible installs with debug
turned on - *** out db login credentials
  • Loading branch information...
AD7six committed Jun 24, 2011
1 parent f641da8 commit e4fee14a5b1aca3c0af11549aa722358092853e7
Showing with 46 additions and 0 deletions.
  1. +10 −0 cake/libs/debugger.php
  2. +36 −0 cake/tests/cases/libs/debugger.test.php
@@ -499,6 +499,16 @@ function exportVar($var, $recursion = 0) {
case 'object':
return get_class($var) . "\n" . $_this->__object($var);
case 'array':
$var = array_merge($var, array_intersect_key(array(
'password' => '*****',
'login' => '*****',
'host' => '*****',
'database' => '*****',
'port' => '*****',
'prefix' => '*****',
'schema' => '*****'
), $var));
$out = "array(";
$vars = array();
foreach ($var as $key => $val) {
@@ -333,4 +333,40 @@ function testGetInstance() {
$result =& Debugger::getInstance('Debugger');
$this->assertIsA($result, 'Debugger');
}
/**
* testNoDbCredentials
*
* If a connection error occurs, the config variable is passed through exportVar
* *** our database login credentials such that they are never visible
*
* @access public
* @return void
*/
function testNoDbCredentials() {
$config = array(
'driver' => 'mysql',
'persistent' => false,
'host' => 'void.cakephp.org',
'login' => 'cakephp-user',
'password' => 'cakephp-password',
'database' => 'cakephp-database',
'prefix' => ''
);
$output = Debugger::exportVar($config);
$expectedArray = array(
'driver' => 'mysql',
'persistent' => false,
'host' => '*****',
'login' => '*****',
'password' => '*****',
'database' => '*****',
'prefix' => ''
);
$expected = Debugger::exportVar($expectedArray);
$this->assertEqual($expected, $output);
}
}

0 comments on commit e4fee14

Please sign in to comment.
You can’t perform that action at this time.