From 13448b831db225c35e18fd23b8fccc5c89b282af Mon Sep 17 00:00:00 2001 From: Richard Fairhurst Date: Mon, 29 Jan 2018 15:39:59 +0000 Subject: [PATCH] Really don't let passwords through to the logfile Currently passwords are logged if they're part of `query` - see #18 --- data_objects/lib/data_objects/uri.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data_objects/lib/data_objects/uri.rb b/data_objects/lib/data_objects/uri.rb index 09d9a6fd..3f36911c 100644 --- a/data_objects/lib/data_objects/uri.rb +++ b/data_objects/lib/data_objects/uri.rb @@ -90,7 +90,7 @@ def to_s string << ":#{port}" if port string << path.to_s if query - string << "?" << query.map do |key, value| + string << "?" << query.select {|k,v| k!='password' }.map do |key, value| "#{key}=#{value}" end.join("&") end