From 817ba93e756372e9da58c9d2ff3eb3abdac68913 Mon Sep 17 00:00:00 2001 From: Starbeamrainbowlabs Date: Thu, 9 Jul 2020 00:22:27 +0100 Subject: [PATCH] debug: hide more secret stuff --- Changelog.md | 6 +++++- modules/page-debug-info.php | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Changelog.md b/Changelog.md index 90e34fc..20e148f 100644 --- a/Changelog.md +++ b/Changelog.md @@ -2,6 +2,10 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of things that have changed (second only to the commit history!) - though the information for any particular release can also be found in the description of it's page for every release made on GitHub too. +## v0.21.1-hotfix1 + - [security] Fix security issue in the debug action + + ## v0.21 ### Fixed @@ -417,7 +421,7 @@ _(No changes since v0.15-beta2)_ - Fixed handling of pages and tags with single quotes in the name - Fixed weirdness on some pages rendered by the Pepperminty Wiki core - Fixed a few minor usability issues on the upload file page. - - Removed some extra space at the bottom of some pages. + - Removed some extra at the bottom of some pages. - The `raw` action now sends a 404 if the request page doesn't exist on the wiki. ### Changed diff --git a/modules/page-debug-info.php b/modules/page-debug-info.php index 29a940c..31083e0 100644 --- a/modules/page-debug-info.php +++ b/modules/page-debug-info.php @@ -1,7 +1,7 @@ "Debug Information", - "version" => "0.3", + "version" => "0.4", "author" => "Starbeamrainbowlabs", "description" => "Adds a debug action for administrator use only that collects a load of useful information to make reporting bugs easier.", "id" => "page-debug-info", @@ -59,7 +59,7 @@ register_module([ $settings_export = explode("\n", var_export($settings, true)); foreach ($settings_export as &$row) { - if(preg_match("/(sitesecret|email)/i", $row)) $row = "********* secret *********"; + if(preg_match("/'(secret|sitesecret|email(?:Address)?|password)'/i", $row)) $row = "********* secret *********"; } echo(implode("\n", $settings_export)); echo("\n-----\n");