]> source.dussan.org Git - nextcloud-server.git/commitdiff
treat sensitive config keys by pattern 16562/head
authorArthur Schiwon <blizzz@arthur-schiwon.de>
Fri, 26 Jul 2019 11:31:14 +0000 (13:31 +0200)
committerBackportbot <backportbot-noreply@rullzer.com>
Fri, 26 Jul 2019 13:21:22 +0000 (13:21 +0000)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
lib/private/AppConfig.php
tests/lib/AppConfigTest.php

index 6d24ca5fa8ee77814eace37aa70488006007548a..8e921dbb7cfa937eba8d6da992e108cd290ab543 100644 (file)
@@ -44,10 +44,10 @@ class AppConfig implements IAppConfig {
        /** @var array[] */
        protected $sensitiveValues = [
                'spreed' => [
-                       'turn_server_secret',
+                       '/^turn_server_secret$/',
                ],
                'user_ldap' => [
-                       'ldap_agent_password',
+                       '/^(s..)?ldap_agent_password$/',
                ],
        ];
 
@@ -289,8 +289,9 @@ class AppConfig implements IAppConfig {
                $values = $this->getValues($app, false);
 
                if (isset($this->sensitiveValues[$app])) {
-                       foreach ($this->sensitiveValues[$app] as $sensitiveKey) {
-                               if (isset($values[$sensitiveKey])) {
+                       foreach ($this->sensitiveValues[$app] as $sensitiveKeyExp) {
+                               $sensitiveKeys = preg_grep($sensitiveKeyExp, array_keys($values));
+                               foreach ($sensitiveKeys as $sensitiveKey) {
                                        $values[$sensitiveKey] = IConfig::SENSITIVE_VALUE;
                                }
                        }
index fed929352d3003d74116dfa88837d755959d219e..9456fe4c2326a8c04aa8cf361388b8880c47cfa5 100644 (file)
@@ -318,12 +318,14 @@ class AppConfigTest extends TestCase {
                        ->with('user_ldap', false)
                        ->willReturn([
                                'ldap_agent_password' => 'secret',
+                               's42ldap_agent_password' => 'secret',
                                'ldap_dn' => 'dn',
                        ]);
 
                $values = $config->getFilteredValues('user_ldap');
                $this->assertEquals([
                        'ldap_agent_password' => IConfig::SENSITIVE_VALUE,
+                       's42ldap_agent_password' => IConfig::SENSITIVE_VALUE,
                        'ldap_dn' => 'dn',
                ], $values);
        }