Merge pull request #2463 from nextcloud/stable10-2306

[stable10] Don't log the user password in case something goes wrong

apps/admin_audit/lib/actions/action.php

@@ -41,18 +41,28 @@ class Action {
 	 * @param string $text
 	 * @param array $params
 	 * @param array $elements
+	 * @param bool $obfuscateParameters
 	 */
 	public function log($text,
 						array $params,
-						array $elements) {
+						array $elements,
+						$obfuscateParameters = false) {
 		foreach($elements as $element) {
 			if(!isset($params[$element])) {
-				$this->logger->critical(
+				if ($obfuscateParameters) {
-					sprintf(
+					$this->logger->critical(
-						'$params["'.$element.'"] was missing. Transferred value: %s',
+						'$params["'.$element.'"] was missing.',
-						print_r($params, true)
+						['app' => 'admin_audit']
-					)
+					);
-				);
+				} else {
+					$this->logger->critical(
+						sprintf(
+							'$params["'.$element.'"] was missing. Transferred value: %s',
+							print_r($params, true)
+						),
+						['app' => 'admin_audit']
+					);
+				}
 				return;
 			}
 		}

apps/admin_audit/lib/actions/auth.php

@@ -34,7 +34,8 @@ class Auth extends Action {
 			$params,
 			[
 				'uid',
-			]
+			],
+			true
 		);
 	}
 
@@ -44,7 +45,8 @@ class Auth extends Action {
 			$params,
 			[
 				'uid',
-			]
+			],
+			true
 		);
 	}