It is usually bad practice to comment out code as discussed in other threads. I recommend either keeping or deleting that bit of code.
On Apr 14, 2017 2:04 PM, <jler...@apache.org> wrote: > Author: jleroux > Date: Fri Apr 14 11:04:04 2017 > New Revision: 1791346 > > URL: http://svn.apache.org/viewvc?rev=1791346&view=rev > Log: > Fixed: On setting verbose true, UtilHttp.getParameterMap() method prints > username and password in logs > (OFBIZ-9310) > > In UtilHttp.getParameterMap(HttpServletRequest request, Set<? extends > String>... > method, following line of code prints username and password in logs when > verbose > is set to true. > > Debug.logVerbose("Request Parameter Map Entries: " + > System.getProperty("line.separator") + UtilMisc.printMap(paramMap), > module); > > Aditya suggested: > Removed the line that prints "Request Parameter Map Entries" as it may > print > username and password entered by user when verbose set to true. > It may not be a grave concern for staging environment as verbose are not > logged > there but it is still unethical to print such details. > > jleroux: I decided to rather comment out the line which might still be > useful > in some cases... > > Thanks: Aditya Sharma > > Modified: > ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/ > org/apache/ofbiz/base/util/UtilHttp.java > > Modified: ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/ > org/apache/ofbiz/base/util/UtilHttp.java > URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/ > framework/base/src/main/java/org/apache/ofbiz/base/util/ > UtilHttp.java?rev=1791346&r1=1791345&r2=1791346&view=diff > ============================================================ > ================== > --- ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/ > org/apache/ofbiz/base/util/UtilHttp.java (original) > +++ ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/ > org/apache/ofbiz/base/util/UtilHttp.java Fri Apr 14 11:04:04 2017 > @@ -158,7 +158,7 @@ public final class UtilHttp { > > if (Debug.verboseOn()) { > Debug.logVerbose("Made Request Parameter Map with [" + > paramMap.size() + "] Entries", module); > - Debug.logVerbose("Request Parameter Map Entries: " + > System.getProperty("line.separator") + UtilMisc.printMap(paramMap), > module); > + //Debug.logVerbose("Request Parameter Map Entries: " + > System.getProperty("line.separator") + UtilMisc.printMap(paramMap), > module); see OFBIZ-9310 > } > > return canonicalizeParameterMap(paramMap); > > >