[Catalyst] Re: Supressing passwords in debug messages
Ansgar Burchardt
ansgar at 2008.43-1.org
Sun Jan 11 15:00:32 GMT 2009
Hi,
"J. Shirley" <jshirley at gmail.com> writes:
> === lib/Catalyst.pm
> ==================================================================
> --- lib/Catalyst.pm (revision 18145)
> +++ lib/Catalyst.pm (local)
> @@ -1830,7 +1830,11 @@
>
> if ( $c->debug && keys %{ $c->request->query_parameters } ) {
> my $t = Text::SimpleTable->new( [ 35, 'Parameter' ], [ 36, 'Value' ] );
> + my %skip = map { $_ => $_ } @{
> + $c->config->{'Plugin::Debug'}->{'skip_dump_parameters'} || []
> + };
> for my $key ( sort keys %{ $c->req->query_parameters } ) {
> + next if $skip{$key};
> my $param = $c->req->query_parameters->{$key};
> my $value = defined($param) ? $param : '';
> $t->row( $key,
I think it would be better to show that the parameter was sent, but
Catalyst configured to not display its value. This can be done for
example by displaying a value of `(hidden)'.
If the parameter is simply skipped, it might be confusing if you forget
that you configured Catalyst to not display it.
Regards,
Ansgar
--
PGP: 1024D/595FAD19 739E 2D09 0969 BEA9 9797 B055 DDB0 2FF7 595F AD19
More information about the Catalyst
mailing list