[Zope-Checkins] SVN: Zope/trunk/lib/python/ZPublisher/HTTPRequest.py Merge heavy-handed fix for Collector #777 from 2.7 branch.

Tres Seaver tseaver at zope.com
Wed May 19 14:13:44 EDT 2004


Log message for revision 24828:
Merge heavy-handed fix for Collector #777 from 2.7 branch.


-=-
Modified: Zope/trunk/lib/python/ZPublisher/HTTPRequest.py
===================================================================
--- Zope/trunk/lib/python/ZPublisher/HTTPRequest.py	2004-05-19 17:02:42 UTC (rev 24827)
+++ Zope/trunk/lib/python/ZPublisher/HTTPRequest.py	2004-05-19 18:13:44 UTC (rev 24828)
@@ -1259,16 +1259,16 @@
     def __str__(self):
         result="<h3>form</h3><table>"
         row='<tr valign="top" align="left"><th>%s</th><td>%s</td></tr>'
-        for k,v in self.form.items():
+        for k,v in _filterPasswordFields(self.form.items()):
             result=result + row % (escape(k), escape(repr(v)))
         result=result+"</table><h3>cookies</h3><table>"
-        for k,v in self.cookies.items():
+        for k,v in _filterPasswordFields(self.cookies.items()):
             result=result + row % (escape(k), escape(repr(v)))
         result=result+"</table><h3>lazy items</h3><table>"
-        for k,v in self._lazies.items():
+        for k,v in _filterPasswordFields(self._lazies.items()):
             result=result + row % (escape(k), escape(repr(v)))
         result=result+"</table><h3>other</h3><table>"
-        for k,v in self.other.items():
+        for k,v in _filterPasswordFields(self.other.items()):
             if k in ('PARENTS','RESPONSE'): continue
             result=result + row % (escape(k), escape(repr(v)))
 
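Review bot: In all four loops the match is on the top-level key only, and the value still goes whole through `escape(repr(v))`, so a value that is itself a container (a dict, list or record with a password entry inside) is rendered unobscured. Consider having `_filterPasswordFields` look inside mapping values, or obscuring the whole value when a nested key matches. For the cookies loop the name test is also the only protection, so a cookie that carries credentials under a name without 'passw' is still printed. A regression test asserting that a submitted password value never appears in `str(request)` would pin the behaviour down for all four tables.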
@@ -1517,7 +1517,21 @@
 EMPTY=16
 CONVERTED=32
 
+#   Collector #777:  filter out request fields which contain 'passw'
+def _filterPasswordFields(items):
 
+    result = []
+
+    for k, v in items:
+
+        if 'passw' in k.lower():
+            v = '<password obscured>'
+
+        result.append((k, v))
+
+    return result
+
+
 # The trusted_proxies configuration setting contains a sequence
 # of front-end proxies that are trusted to supply an accurate
 # X_FORWARDED_FOR header. If REMOTE_ADDR is one of the values in this list
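Review bot: `k.lower()` in the loop assumes every key is a string, yet `__str__` now passes it the keys of `self.other` and `self._lazies` as well as form and cookie names, so a non-string key would raise AttributeError while the request is being rendered; check that the key is a string before lowercasing it. The comment says "filter out", but the function keeps the key and replaces the value with '<password obscured>'; a docstring saying so, and stating that the match is a substring test on the lowercased name, would make the contract clear. The 'passw' literal would be easier to extend if it were a module-level tuple of markers rather than buried in the loop.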



