Dolibarr: MAIN_MAIL_SMTPS_PW in "About Dolibar" not senstiv data

Created on 1 Aug 2019  路  20Comments  路  Source: Dolibarr/dolibarr

MAIN_MAIL_SMTPS_PW is in the Site "About Dolibarr" (Admin Tools -> About Dolibarr) not a senstiv object (unreadable) but this value is a password. The object "dolibarr_main_db_pass" is senstive.

Feature request Issue Stale (automatic label)

All 20 comments

no response or tagging in this case?

Sorry, I don't understand what you want to tell us in your issue. Can you elaborate? Provide a screenshot? What you think should be done ?

Please try to follow the issue template next time.

image

This is what I mean and comes from */admin/system/dolibarr.php?mainmenu=home&leftmenu=admintools_info

As you can see, in the database section form this page it is sensitive value.
image

@atm-maxime I hope this is information enough. Should I do a pull request in the next days to upload fixed code or would you fix this by yourself?

@pthoelken if you have a fix for it a PR would be helpful. Just reviewing a change is far easier to do and even possible to do on the go.

I would prefer this method to hide the clear data (password) in the grid view.

preg_replace('/./i', '***', <PASWORD HERE>);

I think the right file is "admin.php" but I can do a pull request in the next days if I have some free time for this.

Is that the common way to hide sensitive data?
We should "copy" the way it is already handled for other data

Yes. This is the common way from Dolibarr. You can check this here.

@pthoelken are you doing the PR?

Ok otherwise I can fix it today itself, it's why I asked the question

Yes. I'll do that if I have more free time. Currently I'm on vacation.

Okay, you can do it as well. Your choise. If you're done you can close the issue.

@laudeco Do you fix it already or should I do that in the next days?

I assigned the ticket to you ;-), you said you will fix it/

Okey, Yes. I will fix it as soon as possible (currently no much free time). What should I do? PR > Fix > Push request to "develop" or in which branch should I push it?

@pthoelken create a branch on your fork and send the PR to develop

but you can still view it in emails settings... input type password hide nothing
S茅lection_037

@frederic34
yes like many things that go unencrypted but are encrypted with "https" !
what can be seen in clear locally is not necessarily visible online! ;-)

This issue is stale because it has been open 1 year with no activity. If this is a bug, please comment to confirm it is still present on latest stable version. if this is a feature request, please comment to notify the request is still relevant and not yet covered by latest stable version. This issue may be closed automatically by stale bot in 10 days (you should still be able to re-open it if required).

Was this page helpful?
0 / 5 - 0 ratings

Related issues

asolslk picture asolslk  路  4Comments

OrenSavichWS picture OrenSavichWS  路  3Comments

borsti67 picture borsti67  路  5Comments

sam-anam1 picture sam-anam1  路  4Comments

aljawaid picture aljawaid  路  5Comments