From 91757fff4b8c5931f002eca5ae400a1334f63713 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gerg=C5=91=20Tisza?= <gtisza@wikimedia.org>
Date: Fri, 29 Jan 2016 02:01:18 +0000
Subject: [PATCH] SECURITY: Redact passwords in API log

Bug: T125177
Change-Id: Id527e1e874c8246e047efd5da1ce93d5231b60c1
---
 includes/api/ApiMain.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 6ddc28a..873e1a5 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -1331,6 +1331,10 @@ class ApiMain extends ApiBase {
 				continue;
 			}
 
+			if ( $name === 'lgpassword' ) {
+				$value = 'REDACTED';
+			}
+
 			if ( strlen( $value ) > 256 ) {
 				$value = substr( $value, 0, 256 );
 				$encValue = $this->encodeRequestLogValue( $value ) . '[...]';
-- 
1.9.1