do not log text input

tenox7 · Mar 28, 2022 · a1b8473 · a1b8473
1 parent e861dde
commit a1b8473
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 5 deletions.
diff --git a/TODO.md b/TODO.md
@@ -6,14 +6,10 @@
 * Docker support
 
 ## Security
-* do not log FormValue["text"] as it contains text data from edit
 * userless/guest read-only mode, user rw
   requires custom login window
 * two factor auth
   requires custom login window
-* docker support
-  no chroot - mount dir as / ?
-  env vars for port, etc?
 * garbage collect old f2b entries
 * f2b ddos prevention, sleep on too many bans?
 

diff --git a/handlers.go b/handlers.go
@@ -14,7 +14,7 @@ func wfm(w http.ResponseWriter, r *http.Request) {
 	if user == "" {
 		return
 	}
-	log.Printf("req from=%q user=%q uri=%q form=%v", r.RemoteAddr, user, r.RequestURI, r.Form)
+	go log.Printf("req from=%q user=%q uri=%q form=%v", r.RemoteAddr, user, r.RequestURI, noText(r.Form))
 	modern := false
 	if strings.HasPrefix(r.UserAgent(), "Mozilla/5") {
 		modern = true
@@ -114,3 +114,14 @@ func wfm(w http.ResponseWriter, r *http.Request) {
 func favicon(w http.ResponseWriter, r *http.Request) {
 	dispFavIcon(w)
 }
+
+func noText(m map[string][]string) map[string][]string {
+	o := make(map[string][]string)
+	for k, v := range m {
+		if k == "text" {
+			continue
+		}
+		o[k] = v
+	}
+	return o
+}