Don't log full session identifiers

Aleksander Machniak 2019-04-19 11:46:39 +02:00
parent ce24ec1bdd
commit 3db1e4212c


@ -874,11 +874,15 @@ class kolab_auth extends rcube_plugin
$username = sprintf('%s (as user %s)', $username, $login_as); $username = sprintf('%s (as user %s)', $username, $login_as);
} }
// Don't log full session id for better security
$session_id = session_id();
$session_id = $session_id ? substr($session_id, 0, 16) : 'no-session';
$message = sprintf( $message = sprintf(
"Failed login for %s from %s in session %s %s", "Failed login for %s from %s in session %s %s",
$username, $username,
rcube_utils::remote_ip(), rcube_utils::remote_ip(),
session_id() ?: 'no-session', $session_id,
$message ? "($message)" : '' $message ? "($message)" : ''
); );
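Review bot: The added `substr($session_id, 0, 16)` still writes the first 16 characters of the live session identifier to the log, so anyone with log access learns that much of the secret and the remaining search space shrinks accordingly; how much is left depends on the configured session ID length, which is not visible here. A one-way digest keeps the entries correlatable without exposing any part of the identifier, for example `$session_id = $session_id ? substr(hash('sha256', $session_id), 0, 16) : 'no-session';`. If other log writers in the project emit the raw prefix for correlation, they would need the same transformation, so it may be worth a small shared helper. The enclosing method starts and ends outside this hunk, so the log sink and any escaping of `$username` before it is written could not be checked.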