From 9b47eb69b5cbe3ac621c91ccaf226cef8efed625 Mon Sep 17 00:00:00 2001
From: Byron Jones
Date: Thu, 10 Jul 2014 14:51:19 +0800
Subject: Bug 1027114: When sending error to Sentry for webservice failures, we need to first scrub the username/login/password from the query string
---
 Bugzilla/Sentry.pm | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'Bugzilla/Sentry.pm')
diff --git a/Bugzilla/Sentry.pm b/Bugzilla/Sentry.pm
index 333cff9c3..ce45d4823 100644
--- a/Bugzilla/Sentry.pm
+++ b/Bugzilla/Sentry.pm
@@ -201,6 +201,11 @@ sub sentry_handle_error {
 my $uri = URI->new(Bugzilla->cgi->self_url);
 $uri->query(undef);
 
+ foreach my $field (qw( QUERY_STRING REQUEST_URI HTTP_REFERER )) {
+ $ENV{$field} =~ s/\b((?:Bugzilla_password|password)=)[^ &]+/$1*/gi
+ if exists $ENV{$field};
+ }
+
 my $data = {
 event_id => $id,
 message => $message,
-- 
cgit v1.2.3-24-g4f1b
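Review bot: The substitution in the added `foreach` redacts only `Bugzilla_password=` and `password=`, while the commit subject says the username/login is to be scrubbed as well, so login names in `QUERY_STRING`, `REQUEST_URI` and `HTTP_REFERER` are still left in `%ENV` for whatever the handler reports. Because of the leading `\b`, a parameter name such as `new_password=` (constructed example) is also left untouched, since `_` is a word character, and a credential carried inside a URL-encoded JSON value would not match a `name=` pattern at all; it is worth confirming which request shapes actually reach this handler. If login names are meant to be covered, `s/\b((?:Bugzilla_)?(?:login|password)=)[^ &]+/$1*/gi` would do it, with any token-style parameters the installation accepts in URLs added to the alternation. A comment above the loop such as `# Redact credentials from the request environment before the Sentry payload is built` would record why `%ENV` is modified in place. `sentry_handle_error` starts and ends outside this hunk, so other sources the payload may draw on (cookies, POST body, `$message`) cannot be checked from here.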