Improvements in kolab_auth::log_login_error()
- Use "no-session" identifier when there's no session (e.g. syncroton, iRony) - truncate username input if exceedingly long
parent
17d18bebb1
commit
a7d37da5e1
1 changed files with 10 additions and 1 deletions
|
@ -778,6 +778,15 @@ class kolab_auth extends rcube_plugin
|
||||||
$config = rcube::get_instance()->config;
|
$config = rcube::get_instance()->config;
|
||||||
|
|
||||||
if ($config->get('log_logins')) {
|
if ($config->get('log_logins')) {
|
||||||
|
// don't fill the log with complete input, which could
|
||||||
|
// have been prepared by a hacker
|
||||||
|
if (strlen($username) > 256) {
|
||||||
|
$username = substr($username, 0, 256) . '...';
|
||||||
|
}
|
||||||
|
if (strlen($login_as) > 256) {
|
||||||
|
$login_as = substr($login_as, 0, 256) . '...';
|
||||||
|
}
|
||||||
|
|
||||||
if ($login_as) {
|
if ($login_as) {
|
||||||
$username = sprintf('%s (as user %s)', $username, $login_as);
|
$username = sprintf('%s (as user %s)', $username, $login_as);
|
||||||
}
|
}
|
||||||
|
@ -786,7 +795,7 @@ class kolab_auth extends rcube_plugin
|
||||||
"Failed login for %s from %s in session %s %s",
|
"Failed login for %s from %s in session %s %s",
|
||||||
$username,
|
$username,
|
||||||
rcube_utils::remote_ip(),
|
rcube_utils::remote_ip(),
|
||||||
session_id(),
|
session_id() ?: 'no-session',
|
||||||
$message ? "($message)" : ''
|
$message ? "($message)" : ''
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
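Review bot: The new length cap on `$username` and `$login_as` bounds the size of the log line but leaves control characters in place, so a login name containing CR/LF could still split or forge entries in the login log unless the log writer (not visible here) escapes them. Consider neutralising them before the truncation, e.g. `$username = preg_replace('/[\x00-\x1f\x7f]/', '?', $username);`, and the same for `$login_as`. `substr()` is byte-wise, so the cut at 256 can land inside a multi-byte UTF-8 sequence and leave an invalid byte run in the log; `mb_strcut($username, 0, 256)` would keep the byte cap without splitting a character, assuming mbstring is available. The body of log_login_error() starts and ends outside the hunk, so whether `$message` is attacker-influenced and needs the same treatment cannot be judged from here.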