Do not log passwords in debug mode

Signed-off-by: Anna Larch <anna@nextcloud.com>

diff --git a/apps/user_ldap/lib/LDAP.php b/apps/user_ldap/lib/LDAP.php
index 6309a0c8f91a473ab59ed2494fe852ed8b4d74be..edaf08a78165ba2ef29cd01ef56a6a6acf2cb829 100644 (file)
--- a/apps/user_ldap/lib/LDAP.php
+++ b/apps/user_ldap/lib/LDAP.php
@@ -33,6 +33,7 @@
  */
 namespace OCA\User_LDAP;
 
+use OCP\IConfig;
 use OCP\Profiler\IProfiler;
 use OC\ServerNotAvailableException;
 use OCA\User_LDAP\DataCollector\LdapDataCollector;
@@ -317,6 +318,14 @@ class LDAP implements ILDAPWrapper {
 
        private function preFunctionCall(string $functionName, array $args): void {
                $this->curArgs = $args;
+               if(strcasecmp($functionName, 'ldap_bind') === 0) {
+                       // The arguments are not key value pairs
+                       // \OCA\User_LDAP\LDAP::bind passes 3 arguments, the 3rd being the pw
+                       // Remove it via direct array access for now, although a better solution could be found mebbe?
+                       // @link https://github.com/nextcloud/server/issues/38461
+                       $args[2] = IConfig::SENSITIVE_VALUE;
+               }
+
                $this->logger->debug('Calling LDAP function {func} with parameters {args}', [
                        'app' => 'user_ldap',
                        'func' => $functionName,