It is usually bad practice to comment out code as discussed in other
threads. I recommend either keeping or deleting that bit of code.

On Apr 14, 2017 2:04 PM, <jler...@apache.org> wrote:

> Author: jleroux
> Date: Fri Apr 14 11:04:04 2017
> New Revision: 1791346
>
> URL: http://svn.apache.org/viewvc?rev=1791346&view=rev
> Log:
> Fixed: On setting verbose true, UtilHttp.getParameterMap() method prints
> username and password in logs
> (OFBIZ-9310)
>
> In UtilHttp.getParameterMap(HttpServletRequest request, Set<? extends
> String>...
> method, following line of code prints username and password in logs when
> verbose
>  is set to true.
>
> Debug.logVerbose("Request Parameter Map Entries: " +
> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
> module);
>
> Aditya suggested:
> Removed the line that prints "Request Parameter Map Entries" as it may
> print
> username and password entered by user when verbose set to true.
> It may not be a grave concern for staging environment as verbose are not
> logged
> there but it is still unethical to print such details.
>
> jleroux: I decided to rather comment out the line which might still be
> useful
> in some cases...
>
> Thanks: Aditya Sharma
>
> Modified:
>     ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
> org/apache/ofbiz/base/util/UtilHttp.java
>
> Modified: ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
> org/apache/ofbiz/base/util/UtilHttp.java
> URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/
> framework/base/src/main/java/org/apache/ofbiz/base/util/
> UtilHttp.java?rev=1791346&r1=1791345&r2=1791346&view=diff
> ============================================================
> ==================
> --- ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
> org/apache/ofbiz/base/util/UtilHttp.java (original)
> +++ ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
> org/apache/ofbiz/base/util/UtilHttp.java Fri Apr 14 11:04:04 2017
> @@ -158,7 +158,7 @@ public final class UtilHttp {
>
>          if (Debug.verboseOn()) {
>              Debug.logVerbose("Made Request Parameter Map with [" +
> paramMap.size() + "] Entries", module);
> -            Debug.logVerbose("Request Parameter Map Entries: " +
> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
> module);
> +            //Debug.logVerbose("Request Parameter Map Entries: " +
> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
> module); see OFBIZ-9310
>          }
>
>          return canonicalizeParameterMap(paramMap);
>
>
>
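Review bot: The commented-out Debug.logVerbose call on the `+` line keeps the credential-leaking statement in the source, where simply uncommenting it restores the username and password logging described in OFBIZ-9310. Either delete the line, or keep the diagnostic in a safe form: log only the parameter names, or mask sensitive values such as the password before the map reaches UtilMisc.printMap(paramMap). The size-only message just above it already covers the case where no per-entry detail is needed.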
