SECURITY: API: Don't log "sensitive" parameters
[lhc/web/wiklou.git] / includes / api / ApiBase.php
index fec4234..b698cef 100644 (file)
@@ -188,6 +188,13 @@ abstract class ApiBase extends ContextSource {
         */
        const PARAM_EXTRA_NAMESPACES = 18;
 
+       /*
+        * (boolean) Is the parameter sensitive? Note 'password'-type fields are
+        * always sensitive regardless of the value of this field.
+        * @since 1.29
+        */
+       const PARAM_SENSITIVE = 19;
+
        /**@}*/
 
        const ALL_DEFAULT_STRING = '*';
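Review bot: The comment added above `PARAM_SENSITIVE` opens with `/*` rather than `/**`, so a Doxygen-style generator will not attach it to the constant, even though the `/**@}*/` group close just below shows these constants are documented as a group. Change the opener to `/**`. The text could also state what marking a parameter sensitive does, for example `Sensitive values are kept out of API request logs.`, so module authors know when to set it. That wording is inferred from the commit title, so confirm the exact effect against `markParamsSensitive()` before adopting it.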
@@ -1025,6 +1032,10 @@ abstract class ApiBase extends ContextSource {
                        } else {
                                $type = 'NULL'; // allow everything
                        }
+
+                       if ( $type == 'password' || !empty( $paramSettings[self::PARAM_SENSITIVE] ) ) {
+                               $this->getMain()->markParamsSensitive( $encParamName );
+                       }
                }
 
                if ( $type == 'boolean' ) {
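Review bot: The new sensitivity check is indented one level deeper than `if ( $type == 'boolean' )` and is followed by a closing brace, so it runs only inside a block whose opening line is outside this hunk. If that block is the branch that defaults `$type` when none was given (the `$type = 'NULL'` fallback just above suggests so), a parameter that declares an explicit type never reaches `markParamsSensitive()`. That would cover `'password'`-type parameters and the `token` parameter in the third hunk, which sets `PARAM_TYPE => 'string'`, and their values would still be logged. Confirm against the full function, and if so move the three added lines below the closing brace so the check runs for every parameter. A test with an explicitly typed `PARAM_SENSITIVE` parameter that asserts the logged value is redacted would pin this.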
@@ -2030,6 +2041,7 @@ abstract class ApiBase extends ContextSource {
                        $params['token'] = [
                                ApiBase::PARAM_TYPE => 'string',
                                ApiBase::PARAM_REQUIRED => true,
+                               ApiBase::PARAM_SENSITIVE => true,
                                ApiBase::PARAM_HELP_MSG => [
                                        'api-help-param-token',
                                        $this->needsToken(),