Fixed Design issue; raw strings used to pass passwords around & stack traces

Xon

Well-known member
Affected version
2.0.10
When an error occurs in the authentication stack (or registration), the password used is leaked into the error logs via the stack trace

Ideally XF should use a class to encapsulate this password string so it doesn't get leaked in the stack trace. A getter/setter could be used to transform it to a normal string easily, but would require an explicit change on the interface boundaries of functions.

Sadly you can't just make it easily convertible to a string, or this would be used in the stack trace :(
 
Thank you for reporting this issue. The issue is now resolved and we are aiming to include that in the next XF release (2.0.11).

Change log:
Implement custom stack trace builder to mask passwords in method arguments
 
So note that we've taken a different approach here that doesn't have BC issues and should avoid problems with passwords passed to vendor libraries, etc.

When we generate the stack traces for logging, we now use a custom method to convert the trace to strings. If the method argument contains "password", then we'll block out the string value. Technically, if you're passing a different type of secret in, this could be missed, but I think this should catch the absolute vast majority of cases.
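The approach described above, a trace-to-string routine that masks any argument whose parameter name contains "password", as an added illustration. This is not XenForo's code and does not reproduce their implementation; it assumes PHP 8 and uses a hypothetical `DemoAuth` class only to produce a realistic frame. Parameter names are recovered through reflection because `debug_backtrace()` frames carry positional `args` but not names.

```php
<?php
// Added example (not XenForo's code): render a stack trace for logging while
// masking the value of every argument whose parameter name contains "password".
// Works on the frame arrays returned by debug_backtrace() or Throwable::getTrace().

final class SafeTraceBuilder
{
    private const SECRET_NEEDLE = 'password';   // case-insensitive substring match

    /** Declared parameter names for a frame, or [] if they cannot be resolved. */
    private static function paramNames(array $frame): array
    {
        try {
            if (isset($frame['class'])) {
                $ref = new \ReflectionMethod($frame['class'], $frame['function']);
            } elseif (function_exists($frame['function'])) {
                $ref = new \ReflectionFunction($frame['function']);
            } else {
                return [];                       // closures, include frames, etc.
            }
        } catch (\ReflectionException $e) {
            return [];
        }
        return array_map(static fn(\ReflectionParameter $p) => $p->getName(), $ref->getParameters());
    }

    /** Render one argument; masked when the parameter name looks like a secret. */
    private static function renderArg(mixed $value, ?string $name): string
    {
        if ($name !== null && stripos($name, self::SECRET_NEEDLE) !== false) {
            return '*****';                      // never emit the real value
        }
        return match (true) {
            is_string($value) => "'" . (strlen($value) > 15 ? substr($value, 0, 15) . '...' : $value) . "'",
            is_bool($value)   => $value ? 'true' : 'false',
            is_null($value)   => 'NULL',
            is_scalar($value) => (string) $value,
            is_array($value)  => 'Array',
            is_object($value) => 'Object(' . get_class($value) . ')',
            default           => gettype($value),
        };
    }

    /** Build the full trace string from a list of frames. */
    public static function build(array $frames): string
    {
        $lines = [];
        foreach ($frames as $i => $frame) {
            $names = self::paramNames($frame);
            $args  = [];
            foreach ($frame['args'] ?? [] as $pos => $value) {
                $args[] = self::renderArg($value, $names[$pos] ?? null);
            }
            $call  = (isset($frame['class']) ? $frame['class'] . ($frame['type'] ?? '::') : '')
                   . $frame['function'] . '(' . implode(', ', $args) . ')';
            $where = isset($frame['file'])
                   ? $frame['file'] . '(' . ($frame['line'] ?? '?') . ')'
                   : '[internal function]';
            $lines[] = "#$i $where: $call";
        }
        return implode("\n", $lines);
    }
}

// Hypothetical authentication class, used only to produce a realistic frame.
class DemoAuth
{
    public function login(string $username, string $password): void
    {
        // Capture a trace with arguments, as an error logger would at the point of failure.
        $trace = debug_backtrace();
        echo SafeTraceBuilder::build($trace), "\n";
    }
}

// Constructed credentials; the second argument is masked in the rendered trace.
(new DemoAuth())->login('alice', 'constructed-secret-value');
```

The rendered line reads `DemoAuth->login('alice', '*****')` rather than exposing the second argument. As the reply notes, the match is by parameter name only, so a secret passed under a different name (or through a closure, where reflection yields no names) is not masked; the needle is a single constant here and would normally be a list. Note also that `Throwable::getTrace()` only carries `args` when `zend.exception_ignore_args` is off, so on a production `php.ini` the exception path may already omit them while `debug_backtrace()` still includes them.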
 