Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Hide db credentials

To protect users who have publically accessible installs with debug
turned on - *** out db login credentials
  • Loading branch information...
commit fcd0505d424aaafecfe3b051930e721efebac9f5 1 parent 08f1afe
@AD7six AD7six authored
View
36 lib/Cake/Test/Case/Utility/DebuggerTest.php
@@ -326,4 +326,40 @@ public function testGetInstance() {
$result = Debugger::getInstance('Debugger');
$this->assertIsA($result, 'Debugger');
}
+
+/**
+ * testNoDbCredentials
+ *
+ * If a connection error occurs, the config variable is passed through exportVar
+ * *** our database login credentials such that they are never visible
+ *
+ * @access public
+ * @return void
+ */
+ function testNoDbCredentials() {
+ $config = array(
+ 'driver' => 'mysql',
+ 'persistent' => false,
+ 'host' => 'void.cakephp.org',
+ 'login' => 'cakephp-user',
+ 'password' => 'cakephp-password',
+ 'database' => 'cakephp-database',
+ 'prefix' => ''
+ );
+
+ $output = Debugger::exportVar($config);
+
+ $expectedArray = array(
+ 'driver' => 'mysql',
+ 'persistent' => false,
+ 'host' => '*****',
+ 'login' => '*****',
+ 'password' => '*****',
+ 'database' => '*****',
+ 'prefix' => ''
+ );
+ $expected = Debugger::exportVar($expectedArray);
+
+ $this->assertEqual($expected, $output);
+ }
}
View
10 lib/Cake/Utility/Debugger.php
@@ -464,6 +464,16 @@ public static function exportVar($var, $recursion = 0) {
case 'object':
return get_class($var) . "\n" . self::_object($var);
case 'array':
+ $var = array_merge($var, array_intersect_key(array(
+ 'password' => '*****',
+ 'login' => '*****',
+ 'host' => '*****',
+ 'database' => '*****',
+ 'port' => '*****',
+ 'prefix' => '*****',
+ 'schema' => '*****'
+ ), $var));
+
$out = "array(";
$vars = array();
foreach ($var as $key => $val) {
Please sign in to comment.
Something went wrong with that request. Please try again.