[whimsy.git] [1/1] Commit d2bfc21: Although should only be visible to logged in user, it's safer not to

Sebastian Bazley Sat, 19 Mar 2016 03:34:48 -0700

Commit d2bfc2140c08d32492b1083838d1840454cdd677:
    Although should only be visible to logged in user, it's safer not to
    expose the value



Branch: refs/heads/master
Author: Sebb <[email protected]>
Committer: Sebb <[email protected]>
Pusher: sebb <[email protected]>

------------------------------------------------------------
www/board/test.cgi                                           | +++++++ 
www/committers/test.cgi                                      | +++++++ 
www/members/test.cgi                                         | +++++++ 
www/test.cgi                                                 | +++++++ 
------------------------------------------------------------
28 changes: 28 additions, 0 deletions.
------------------------------------------------------------


diff --git a/www/board/test.cgi b/www/board/test.cgi
index 2116558..89fc2ad 100755
--- a/www/board/test.cgi
+++ b/www/board/test.cgi
@@ -5,6 +5,13 @@ print "Content-type: text/plain\r\n\r\n"
 #print ENV.inspect
 
 ENV.sort.each do |k,v|
+  if k.eql? 'HTTP_AUTHORIZATION'
+      # cannot use sub! because value is fozen
+      # redact non-empty string
+      if v and not v.empty?
+        v = '<redacted>'
+      end
+  end
   print "#{k} #{v}\n"
 end
 
diff --git a/www/committers/test.cgi b/www/committers/test.cgi
index 2116558..89fc2ad 100755
--- a/www/committers/test.cgi
+++ b/www/committers/test.cgi
@@ -5,6 +5,13 @@ print "Content-type: text/plain\r\n\r\n"
 #print ENV.inspect
 
 ENV.sort.each do |k,v|
+  if k.eql? 'HTTP_AUTHORIZATION'
+      # cannot use sub! because value is fozen
+      # redact non-empty string
+      if v and not v.empty?
+        v = '<redacted>'
+      end
+  end
   print "#{k} #{v}\n"
 end
 
diff --git a/www/members/test.cgi b/www/members/test.cgi
index 2116558..89fc2ad 100755
--- a/www/members/test.cgi
+++ b/www/members/test.cgi
@@ -5,6 +5,13 @@ print "Content-type: text/plain\r\n\r\n"
 #print ENV.inspect
 
 ENV.sort.each do |k,v|
+  if k.eql? 'HTTP_AUTHORIZATION'
+      # cannot use sub! because value is fozen
+      # redact non-empty string
+      if v and not v.empty?
+        v = '<redacted>'
+      end
+  end
   print "#{k} #{v}\n"
 end
 
diff --git a/www/test.cgi b/www/test.cgi
index 2116558..89fc2ad 100755
--- a/www/test.cgi
+++ b/www/test.cgi
@@ -5,6 +5,13 @@ print "Content-type: text/plain\r\n\r\n"
 #print ENV.inspect
 
 ENV.sort.each do |k,v|
+  if k.eql? 'HTTP_AUTHORIZATION'
+      # cannot use sub! because value is fozen
+      # redact non-empty string
+      if v and not v.empty?
+        v = '<redacted>'
+      end
+  end
   print "#{k} #{v}\n"
 end

[whimsy.git] [1/1] Commit d2bfc21: Although should only be visible to logged in user, it's safer not to

Reply via email to