New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't leak passwords deep linking to a graph and logging in on Apache httpd #8761

Merged
merged 2 commits into from May 24, 2018

Conversation

Projects
None yet
1 participant
@murrant
Member

murrant commented May 24, 2018

Thanks to awlx on the community site.
https://community.librenms.org/t/username-and-password-being-displayed-in-url/4186

You may want to clean your access logs.

DO NOT DELETE THIS TEXT

Please note

Please read this information carefully. You can run ./scripts/pre-commit.php to check your code before submitting.

Testers

If you would like to test this pull request then please run: ./scripts/github-apply <pr_id>, i.e ./scripts/github-apply 5926

@murrant murrant added the Security label May 24, 2018

@murrant murrant changed the title from Don't leak passwords when users update urls to include all variables … to Don't leak passwords when users update urls to include all variables after login May 24, 2018

@murrant murrant changed the title from Don't leak passwords when users update urls to include all variables after login to Don't leak passwords deep linking to a graph and logging in May 24, 2018

@murrant murrant changed the title from Don't leak passwords deep linking to a graph and logging in to Don't leak passwords deep linking to a graph and logging in on Apache httpd May 24, 2018

@murrant murrant merged commit 9b78424 into librenms:master May 24, 2018

3 checks passed

WIP ready for review
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
license/cla Contributor License Agreement is signed.
Details

@murrant murrant deleted the murrant:dont-leak branch May 24, 2018

mattie47 added a commit to mattie47/librenms that referenced this pull request Jul 2, 2018

Don't leak passwords deep linking to a graph and logging in on Apache…
… httpd (librenms#8761)

* Don't leak passwords when users update urls to include all variables after login

* Less aggressive

@lock lock bot locked as resolved and limited conversation to collaborators Jul 23, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.