Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

[ZF-11839] fixed security issue (possible password disclosure) #526

Closed
wants to merge 39 commits into
from
Commits
Jump to file or symbol
Failed to load files and symbols.
+1 −1
Split
@@ -365,7 +365,7 @@ public function authenticate()
} else {
$line = $zle->getLine();
$messages[] = $zle->getFile() . "($line): " . $zle->getMessage();
- $messages[] = str_replace($password, '*****', $zle->getTraceAsString());
+ $messages[] = preg_replace('/\b'.preg_quote($password, '/').'\b/', '*****', $zle->getTraceAsString());
$messages[0] = 'An unexpected failure occurred';
}
$messages[1] = $zle->getMessage();