GitHub: don't display access token in debug log
parent
bfba228b5a
commit
f9fccbab1e
|
@ -301,7 +301,7 @@ class RemoteFilesystem
|
||||||
|
|
||||||
$actualContextOptions = stream_context_get_options($ctx);
|
$actualContextOptions = stream_context_get_options($ctx);
|
||||||
$usingProxy = !empty($actualContextOptions['http']['proxy']) ? ' using proxy ' . $actualContextOptions['http']['proxy'] : '';
|
$usingProxy = !empty($actualContextOptions['http']['proxy']) ? ' using proxy ' . $actualContextOptions['http']['proxy'] : '';
|
||||||
$this->io->writeError((substr($origFileUrl, 0, 4) === 'http' ? 'Downloading ' : 'Reading ') . $origFileUrl . $usingProxy, true, IOInterface::DEBUG);
|
$this->io->writeError((substr($origFileUrl, 0, 4) === 'http' ? 'Downloading ' : 'Reading ') . $this->stripCredentialsFromUrl($origFileUrl) . $usingProxy, true, IOInterface::DEBUG);
|
||||||
unset($origFileUrl, $actualContextOptions);
|
unset($origFileUrl, $actualContextOptions);
|
||||||
|
|
||||||
// Check for secure HTTP, but allow insecure Packagist calls to $hashed providers as file integrity is verified with sha256
|
// Check for secure HTTP, but allow insecure Packagist calls to $hashed providers as file integrity is verified with sha256
|
||||||
|
@ -873,7 +873,7 @@ class RemoteFilesystem
|
||||||
$this->redirects++;
|
$this->redirects++;
|
||||||
|
|
||||||
$this->io->writeError('', true, IOInterface::DEBUG);
|
$this->io->writeError('', true, IOInterface::DEBUG);
|
||||||
$this->io->writeError(sprintf('Following redirect (%u) %s', $this->redirects, $targetUrl), true, IOInterface::DEBUG);
|
$this->io->writeError(sprintf('Following redirect (%u) %s', $this->redirects, $this->stripCredentialsFromUrl($targetUrl)), true, IOInterface::DEBUG);
|
||||||
|
|
||||||
$additionalOptions['redirects'] = $this->redirects;
|
$additionalOptions['redirects'] = $this->redirects;
|
||||||
|
|
||||||
|
@ -1123,4 +1123,15 @@ class RemoteFilesystem
|
||||||
|
|
||||||
return $hostPort;
|
return $hostPort;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function stripCredentialsFromUrl($url)
|
||||||
|
{
|
||||||
|
// GitHub repository rename result in redirect locations containing the access_token as GET parameter
|
||||||
|
// e.g. https://api.github.com/repositories/9999999999?access_token=github_token
|
||||||
|
if (preg_match('{^(https?://([a-z0-9-]+\.)*github\.com/.*)\?access_token=[a-z0-9]+}', $url, $matches)) {
|
||||||
|
return $matches[1];
|
||||||
|
}
|
||||||
|
|
||||||
|
return $url;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue