From 62afe7fe7af6fae6f5b23172b819fb8298ef291e Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Tue, 26 Nov 2013 12:26:32 +0100
Subject: [PATCH] remove passwords from logfile

---
 lib/private/log/owncloud.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/private/log/owncloud.php b/lib/private/log/owncloud.php
index 15cace88f4..4c86d0e45e 100644
--- a/lib/private/log/owncloud.php
+++ b/lib/private/log/owncloud.php
@@ -68,6 +68,8 @@ class OC_Log_Owncloud {
 				$timezone = new DateTimeZone('UTC');
 			}
 			$time = new DateTime(null, $timezone);
+			// remove username/passswords from URLs before writing the to the log file
+			$message = preg_replace('/\/\/(.*):(.*)@/', '//xxx:xxx@', $message);
 			$entry=array('app'=>$app, 'message'=>$message, 'level'=>$level, 'time'=> $time->format($format));
 			$entry = json_encode($entry);
 			$handle = @fopen(self::$logFile, 'a');