Avoid feed credentials in logs (FreshRSS#1949)

* Avoid feed credentials in logs Related to FreshRSS#1891 * Changelog 1949
javerous · Jul 8, 2018 · 0f77985 · 0f77985
1 parent 4e7042e
commit 0f77985
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 14 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,8 @@
 * Bug fixing
 	* Fix bugs when searching with special characters (e.g. preventing marking as read) [#1944](https://github.com/FreshRSS/FreshRSS/issues/1944)
 	* Fix username check in API to allow underscores [#1955](https://github.com/FreshRSS/FreshRSS/issues/1955)
+* Security
+	* Avoid feed credentials in logs [#1949](https://github.com/FreshRSS/FreshRSS/pull/1949)
 * Mics.
 	* Auto-login after self user creation [#1928](https://github.com/FreshRSS/FreshRSS/issues/1928)
 

diff --git a/app/Controllers/entryController.php b/app/Controllers/entryController.php
@@ -186,7 +186,7 @@ public function purgeAction() {
 				$nb = $entryDAO->cleanOldEntries($feed->id(), $date_min, $feed_history);
 				if ($nb > 0) {
 					$nb_total += $nb;
-					Minz_Log::debug($nb . ' old entries cleaned in feed [' . $feed->url() . ']');
+					Minz_Log::debug($nb . ' old entries cleaned in feed [' . $feed->url(false) . ']');
 				}
 			}
 		}

diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php
@@ -295,12 +295,12 @@ public static function actualizeFeed($feed_id, $feed_url, $force, $simplePiePush
 				if ($feed->lastUpdate() + 10 >= $mtime) {
 					continue;	//Nothing newer from other users
 				}
-				//Minz_Log::debug($feed->url() . ' was updated at ' . date('c', $mtime) . ' by another user');
+				//Minz_Log::debug($feed->url(false) . ' was updated at ' . date('c', $mtime) . ' by another user');
 				//Will take advantage of the newer cache
 			}
 
 			if (!$feed->lock()) {
-				Minz_Log::notice('Feed already being actualized: ' . $feed->url());
+				Minz_Log::notice('Feed already being actualized: ' . $feed->url(false));
 				continue;
 			}
 
@@ -351,7 +351,7 @@ public static function actualizeFeed($feed_id, $feed_url, $force, $simplePiePush
 							//This entry already exists and is unchanged. TODO: Remove the test with the zero'ed hash in FreshRSS v1.3
 							$oldGuids[] = $entry->guid();
 						} else {	//This entry already exists but has been updated
-							//Minz_Log::debug('Entry with GUID `' . $entry->guid() . '` updated in feed ' . $feed->url() .
+							//Minz_Log::debug('Entry with GUID `' . $entry->guid() . '` updated in feed ' . $feed->url(false) .
 								//', old hash ' . $existingHash . ', new hash ' . $entry->hash());
 							$mark_updated_article_unread = $feed->attributes('mark_updated_article_unread') !== null ? (
 									$feed->attributes('mark_updated_article_unread')
@@ -425,8 +425,7 @@ public static function actualizeFeed($feed_id, $feed_url, $force, $simplePiePush
 				                                max($feed_history, count($entries) + 10));
 				if ($nb > 0) {
 					$needFeedCacheRefresh = true;
-					Minz_Log::debug($nb . ' old entries cleaned in feed [' .
-					                $feed->url() . ']');
+					Minz_Log::debug($nb . ' old entries cleaned in feed [' . $feed->url(false) . ']');
 				}
 			}
 
@@ -442,25 +441,25 @@ public static function actualizeFeed($feed_id, $feed_url, $force, $simplePiePush
 				if ($feed->selfUrl() !== $url) {	//https://code.google.com/p/pubsubhubbub/wiki/MovingFeedsOrChangingHubs
 					$selfUrl = checkUrl($feed->selfUrl());
 					if ($selfUrl) {
-						Minz_Log::debug('PubSubHubbub unsubscribe ' . $feed->url());
+						Minz_Log::debug('PubSubHubbub unsubscribe ' . $feed->url(false));
 						if (!$feed->pubSubHubbubSubscribe(false)) {	//Unsubscribe
-							Minz_Log::warning('Error while PubSubHubbub unsubscribing from ' . $feed->url());
+							Minz_Log::warning('Error while PubSubHubbub unsubscribing from ' . $feed->url(false));
 						}
 						$feed->_url($selfUrl, false);
-						Minz_Log::notice('Feed ' . $url . ' canonical address moved to ' . $feed->url());
+						Minz_Log::notice('Feed ' . $url . ' canonical address moved to ' . $feed->url(false));
 						$feedDAO->updateFeed($feed->id(), array('url' => $feed->url()));
 					}
 				}
 			} elseif ($feed->url() !== $url) {	// HTTP 301 Moved Permanently
-				Minz_Log::notice('Feed ' . $url . ' moved permanently to ' . $feed->url());
+				Minz_Log::notice('Feed ' . $url . ' moved permanently to ' . $feed->url(false));
 				$feedDAO->updateFeed($feed->id(), array('url' => $feed->url()));
 			}
 
 			$feed->faviconPrepare();
 			if ($pubsubhubbubEnabledGeneral && $feed->pubSubHubbubPrepare()) {
-				Minz_Log::notice('PubSubHubbub subscribe ' . $feed->url());
+				Minz_Log::notice('PubSubHubbub subscribe ' . $feed->url(false));
 				if (!$feed->pubSubHubbubSubscribe(true)) {	//Subscribe
-					Minz_Log::warning('Error while PubSubHubbub subscribing to ' . $feed->url());
+					Minz_Log::warning('Error while PubSubHubbub subscribing to ' . $feed->url(false));
 				}
 			}
 			$feed->unlock();

diff --git a/app/Models/Feed.php b/app/Models/Feed.php
@@ -59,8 +59,8 @@ public function hash() {
 		return $this->hash;
 	}
 
-	public function url() {
-		return $this->url;
+	public function url($includeCredentials = true) {
+		return $includeCredentials ? $this->url : SimplePie_Misc::url_remove_credentials($this->url);
 	}
 	public function selfUrl() {
 		return $this->selfUrl;