Reedy has uploaded a new change for review.
https://gerrit.wikimedia.org/r/85395
Change subject: Use $wgRedactedFunctionArguments for sensitive data
......................................................................
Use $wgRedactedFunctionArguments for sensitive data
Change-Id: I21326be80d02e1b5711d4fd2cae2a7c2373277fc
---
M LdapAuthentication.php
1 file changed, 25 insertions(+), 4 deletions(-)
git pull
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/LdapAuthentication
refs/changes/95/85395/1
diff --git a/LdapAuthentication.php b/LdapAuthentication.php
index e6963c8..6cb2ba9 100644
--- a/LdapAuthentication.php
+++ b/LdapAuthentication.php
@@ -94,6 +94,12 @@
# Schema changes
$wgHooks['LoadExtensionSchemaUpdates'][] = 'efLdapAuthenticationSchemaUpdates';
+$wgRedactedFunctionArguments['LdapAuthenticationPlugin::ldap_bind'] = 2;
+$wgRedactedFunctionArguments['LdapAuthenticationPlugin::authenticate'] = 2;
+$wgRedactedFunctionArguments['LdapAuthenticationPlugin::getPasswordHash'] = 0;
+$wgRedactedFunctionArguments['LdapAuthenticationPlugin::bindAs'] = 1;
+$wgRedactedFunctionArguments['LdapAuthenticationPlugin::setOrDefaultPrivate']
= 0;
+
/**
* @param $updater DatabaseUpdater
* @return bool
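Review bot: The index registered for `LdapAuthenticationPlugin::authenticate` looks off by one relative to the other entries. `getPasswordHash` is registered with 0 and `bindAs` with 1, which suggests the indexes are zero-based; if `authenticate` keeps the usual `( $username, $password )` parameter order (its signature is not visible in this hunk), the password is argument 1 and the entry should read `$wgRedactedFunctionArguments['LdapAuthenticationPlugin::authenticate'] = 1;`. An index that points past the last parameter would leave the password unredacted in backtraces without any error, so each entry should be checked against its method signature. A short comment above the block, such as `# Zero-based index of the secret argument to redact in backtraces`, would make that check easy for the next reader.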
@@ -386,7 +392,7 @@
return self::setOrDefault( $wgLDAPProxyAgent, $domain );
case 'ProxyAgentPassword':
global $wgLDAPProxyAgentPassword;
- return self::setOrDefault( $wgLDAPProxyAgentPassword,
$domain );
+ return self::setOrDefaultPrivate(
$wgLDAPProxyAgentPassword, $domain );
case 'SearchAttribute':
global $wgLDAPSearchAttributes;
return self::setOrDefault( $wgLDAPSearchAttributes,
$domain );
@@ -404,7 +410,7 @@
return self::setOrDefault( $wgLDAPWriterDN, $domain );
case 'WriterPassword':
global $wgLDAPWriterPassword;
- return self::setOrDefault( $wgLDAPWriterPassword,
$domain );
+ return self::setOrDefaultPrivate(
$wgLDAPWriterPassword, $domain );
case 'WriteLocation':
global $wgLDAPWriteLocation;
return self::setOrDefault( $wgLDAPWriteLocation,
$domain );
@@ -416,10 +422,10 @@
return self::setOrDefault( $wgLDAPUpdateLDAP, $domain,
false );
case 'PasswordHash':
global $wgLDAPPasswordHash;
- return self::setOrDefault( $wgLDAPPasswordHash,
$domain, 'clear' );
+ return self::setOrDefaultPrivate( $wgLDAPPasswordHash,
$domain, 'clear' );
case 'MailPassword':
global $wgLDAPMailPassword;
- return self::setOrDefault( $wgLDAPMailPassword,
$domain, false );
+ return self::setOrDefaultPrivate( $wgLDAPMailPassword,
$domain, false );
case 'Preferences':
global $wgLDAPPreferences;
return self::setOrDefault( $wgLDAPPreferences, $domain,
array() );
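Review bot: `PasswordHash` and `MailPassword` are routed through `setOrDefaultPrivate` although their defaults (`'clear'` and `false`) suggest they hold a hash-scheme name and a boolean flag rather than a credential. Redacting them is harmless, but it blurs which settings are actually secret when someone later audits the redaction list. Either keep `self::setOrDefault(...)` for these two cases, or add a comment such as `// not a secret itself; redacted for consistency with the password settings`. The enclosing switch starts and ends outside this hunk.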
@@ -491,6 +497,21 @@
}
/**
+ * Returns the item from $array at index $key if it is set,
+ * else, it returns $default
+ *
+ * Use for sensitive data
+ *
+ * @param $array array
+ * @param $key
+ * @param $default mixed
+ * @return mixed
+ */
+ private static function setOrDefaultPrivate( $array, $key, $default =
'' ) {
+ return isset( $array[$key] ) ? $array[$key] : $default;
+ }
+
+ /**
* Check whether there exists a user account with the given name.
* The name will be normalized to MediaWiki's requirements, so
* you might need to munge it (for instance, for lowercase initial
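Review bot: The docblock on `setOrDefaultPrivate` says "Use for sensitive data" but does not explain why an exact copy of `setOrDefault` exists. Presumably redaction is keyed on the function name registered in `$wgRedactedFunctionArguments`, so the secret array must never appear as an argument in a `setOrDefault` stack frame; stating that would stop a later cleanup from merging the two or making one delegate to the other. I would add a line such as `* Kept separate from setOrDefault() so argument 0 can be listed in $wgRedactedFunctionArguments; do not delegate to setOrDefault().` and give `@param $key` a type. Only the input array is covered by this entry, so the returned secret still depends on the redaction entries of whichever function receives it next.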
--
To view, visit https://gerrit.wikimedia.org/r/85395
Gerrit-MessageType: newchange
Gerrit-Change-Id: I21326be80d02e1b5711d4fd2cae2a7c2373277fc
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/LdapAuthentication
Gerrit-Branch: master
Gerrit-Owner: Reedy <[email protected]>