Fixed Password to Elastic Search is shown as plain text in Server Error Log

Saarbruecken

Active member
Affected version
2.3.4
Code:
Server error log
    XFES\Elasticsearch\ConnectException: Elasticsearch error: cURL error 28: SSL connection timeout (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://forum:SECRETPASSWORD@internal.domain.tld:9200/forum/_search src/addons/XFES/Elasticsearch/Api.php:447
    Generated by: Unknown account Dec 27, 2024 at 12:07 PM

[HEADING=2]Stack trace[/HEADING]
#0 src/addons/XFES/Elasticsearch/Api.php(393): XFES\Elasticsearch\Api->request('get', 'cl/_search', '{
    "sort": [...')
#1 src/addons/XFES/Elasticsearch/Api.php(291): XFES\Elasticsearch\Api->requestFromIndex('get', '_search', Array)
#2 src/addons/XFES/Search/Source/Elasticsearch.php(861): XFES\Elasticsearch\Api->search(Array)
#3 src/addons/XFES/Search/Source/Elasticsearch.php(157): XFES\Search\Source\Elasticsearch->executeSearch(Object(XF\Search\Query\KeywordQuery), Array, '200')
#4 src/XF/Search/Search.php(337): XFES\Search\Source\Elasticsearch->search(Object(XF\Search\Query\KeywordQuery), '200')
#5 src/XF/Search/Search.php(366): XF\Search\Search->XF\Search\{closure}(Object(XF\Search\Query\KeywordQuery), '200')
#6 src/XF/Search/Search.php(332): XF\Search\Search->executeSearch(Object(XF\Search\Query\KeywordQuery), '200', Object(Closure), true)
#7 src/XF/Repository/SearchRepository.php(37): XF\Search\Search->search(Object(XF\Search\Query\KeywordQuery))
#8 src/XF/Pub/Controller/SearchController.php(562): XF\Repository\SearchRepository->runSearch(Object(XF\Search\Query\KeywordQuery), Array, false)
#9 src/XF/Pub/Controller/SearchController.php(370): XF\Pub\Controller\SearchController->runSearch(Object(XF\Search\Query\KeywordQuery), Array, false)
#10 src/XF/Mvc/Dispatcher.php(362): XF\Pub\Controller\SearchController->actionMember(Object(XF\Mvc\ParameterBag))
#11 src/XF/Mvc/Dispatcher.php(264): XF\Mvc\Dispatcher->dispatchClass('XF:Search', 'Member', Object(XF\Mvc\RouteMatch), Object(XFES\XF\Pub\Controller\Search), NULL)
#12 src/XF/Mvc/Dispatcher.php(121): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(XFES\XF\Pub\Controller\Search), NULL)
#13 src/XF/Mvc/Dispatcher.php(63): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#14 src/XF/App.php(2826): XF\Mvc\Dispatcher->run()
#15 src/XF.php(806): XF\App->run()
#16 index.php(23): XF::runApp('XF\\Pub\\App')
#17 {main}

If the Elastic Search Server is unavailable or if there is a (temporary) connection error or timeout, the Server Logs will reveal the credentials to Elastic Search in Admin CP.
 
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XFES release (2.3.5).

Change log:
Hide credentials from error message in ConnectException.
There may be a delay before changes are rolled out to the XenForo Community.
 
Back
Top Bottom