Mercurial > gemma
diff pkg/imports/config.go @ 3515:c64c47ff2ab1 password
import: fix for passwordleakage. No passwords are received/sent if configuration is edited.
| author | Thomas Junk <thomas.junk@intevation.de> |
|---|---|
| date | Wed, 29 May 2019 09:56:42 +0200 |
| parents | 4882f01c8592 |
| children | 8b75ac5e243e |
line wrap: on
line diff
--- a/pkg/imports/config.go Tue May 28 17:12:02 2019 +0200 +++ b/pkg/imports/config.go Wed May 29 09:56:42 2019 +0200 @@ -269,7 +269,12 @@ if pc.Attributes == nil { pc.Attributes = common.Attributes{} } - pc.Attributes.Set(k.String, v.String) + // Prevent sending the `password` back to the client. + // (See importconfig.infoImportConfig() for the other place + // where this is done.) + if k.String != "password" { + pc.Attributes.Set(k.String, v.String) + } } }