mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-22 08:26:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 26

SessionStore: replace password with PASSWORD_HIDDEN when storing in db

Browse source 
Fixes #3421.
This commit is contained in:
John McLear 2020-03-29 09:35:20 +00:00 committed by muxator
parent 3e8b426847
commit 53f126082a
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/node/db/SessionStore.js
View file

@ -38,6 +38,11 @@ SessionStore.prototype.get = function(sid, fn) {
SessionStore.prototype.set = function(sid, sess, fn) { SessionStore.prototype.set = function(sid, sess, fn) {
messageLogger.debug('SET ' + sid); messageLogger.debug('SET ' + sid);
// don't store passwords in DB
if (sess.user && sess.user.password) {
sess.user.password = "PASSWORD_HIDDEN";
}
db.set("sessionstorage:" + sid, sess); db.set("sessionstorage:" + sid, sess);
if (fn) { if (fn) {
process.nextTick(fn); process.nextTick(fn);