From 21b3145e8195a91846e76bc0556da176bae6e79d Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Wed, 16 Dec 2015 22:22:26 +0100
Subject: Bug 1232578: Do not save hashed passwords in audit_log r=dkl

---
 Bugzilla/Object.pm | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

(limited to 'Bugzilla/Object.pm')

diff --git a/Bugzilla/Object.pm b/Bugzilla/Object.pm
index 8f25e2b20..d43c8ca34 100644
--- a/Bugzilla/Object.pm
+++ b/Bugzilla/Object.pm
@@ -599,11 +599,29 @@ sub audit_log {
     foreach my $field (keys %$changes) {
         # Skip private changes.
         next if $field =~ /^_/;
-        my ($from, $to) = @{ $changes->{$field} };
+        my ($from, $to) = $self->_sanitize_audit_log($field, $changes->{$field});
         $sth->execute($user_id, $class, $self->id, $field, $from, $to);
     }
 }
 
+sub _sanitize_audit_log {
+    my ($self, $field, $changes) = @_;
+    my $class = ref($self) || $self;
+
+    # Do not store hashed passwords. Only record the algorithm used to encode them.
+    if ($class eq 'Bugzilla::User' && $field eq 'cryptpassword') {
+        foreach my $passwd (@$changes) {
+            next unless $passwd;
+            my $algorithm = 'unknown_algorithm';
+            if ($passwd =~ /{([^}]+)}$/) {
+                $algorithm = $1;
+            }
+            $passwd = "hashed_with_$algorithm";
+        }
+    }
+    return @$changes;
+}
+
 sub flatten_to_hash {
     my $self = shift;
     my $class = blessed($self);
-- 
cgit v1.2.3-24-g4f1b