From 77016601192f8f1c1f7d04204fc54863dc71da64 Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Tue, 16 Jan 2018 22:09:25 +0100
Subject: [PATCH] [Web] Skip passwords in API log

---
 data/web/admin.php    | 4 ++--
 data/web/json_api.php | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/data/web/admin.php b/data/web/admin.php
index 660b9051..292c996c 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -40,7 +40,7 @@ $tfa_data = get_tfa();
           </div>
           <div class="form-group">
             <div class="col-sm-offset-3 col-sm-9">
-              <button class="btn btn-default" id="edit_selected" data-id="admin" data-item="null" data-api-url='edit/self' data-api-attr='{}' href="#"><span class="glyphicon glyphicon-check"></span> <?=$lang['admin']['save'];?></button>
+              <button class="btn btn-default" id="edit_selected" data-id="admin" data-item="admin" data-api-url='edit/self' data-api-attr='{}' href="#"><span class="glyphicon glyphicon-check"></span> <?=$lang['admin']['save'];?></button>
             </div>
           </div>
         </form>
@@ -522,7 +522,7 @@ $tfa_data = get_tfa();
             <label for="help_text"><?=$lang['admin']['help_text'];?>:</label>
             <textarea class="form-control" id="help_text" name="help_text" rows="7"><?=$ui_texts['help_text'];?></textarea>
           </div>
-          <button class="btn btn-success" id="edit_selected" data-item="null" data-id="uitexts" data-api-url='edit/ui_texts' data-api-attr='{}' href="#"><span class="glyphicon glyphicon-check"></span> <?=$lang['admin']['save'];?></button>
+          <button class="btn btn-success" id="edit_selected" data-item="ui" data-id="uitexts" data-api-url='edit/ui_texts' data-api-attr='{}' href="#"><span class="glyphicon glyphicon-check"></span> <?=$lang['admin']['save'];?></button>
         </form>
       </div>
     </div>
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 3bcb2ac4..cb0e5784 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -25,6 +25,11 @@ function api_log($postarray) {
     }
     if ($value = json_decode($value, true)) {
       unset($value["csrf_token"]);
+      foreach ($value as $key => &$val) {
+        if(preg_match("/pass/i", $key)) {
+          $val = '********';
+        }
+      }
       $value = json_encode($value);
     }
     $data_var[] = $data . "='" . $value . "'";