zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-05-16 09:37:00 +02:00
Code Issues Projects Releases Packages Wiki Activity

Prevents EPP server from logging sensitive data

Browse source
This commit is contained in:
Pinga 2025-03-14 18:54:04 +02:00
parent 8ed1d1811a
commit a8b95dd087
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
epp/src/helpers.php
View file

@ -471,6 +471,8 @@ function createTransaction($db, $clid, $clTRID, $clTRIDframe) {
$dateForClTransaction = microtime(true);
$clmicrosecond = sprintf("%06d", ($dateForClTransaction - floor($dateForClTransaction)) * 1000000);
$clTRIDframe = preg_replace('/(<(?:pw|newPW|domain:pw|domain:ext|contact:pw|contact:ext)>)(.*?)(<\/(?:pw|newPW|domain:pw|domain:ext|contact:pw|contact:ext)>)/iu', '${1}*****${3}', $clTRIDframe);
if (empty($clTRID)) {
// If $clTRID is empty, generate a random string prefixed with "client-not-provided-"
$clTRID = 'client-not-provided-' . bin2hex(random_bytes(8)); // Generates a 16 character hexadecimal string
@ -506,6 +508,8 @@ function updateTransaction($db, $cmd, $obj_type, $obj_id, $code, $msg, $svTRID,
$dateForSvTransaction = microtime(true);
$svmicrosecond = sprintf("%06d", ($dateForSvTransaction - floor($dateForSvTransaction)) * 1000000);
$svTRIDframe = preg_replace('/(<(?:pw|newPW|domain:pw|domain:ext|contact:pw|contact:ext)>)(.*?)(<\/(?:pw|newPW|domain:pw|domain:ext|contact:pw|contact:ext)>)/iu', '${1}*****${3}', $svTRIDframe);
// Execute the statement
if (!$stmt->execute([
$cmd,