From 433ab8e6d309a2174c5b523f3a6c354f14f61587 Mon Sep 17 00:00:00 2001
From: Robert Lyon <robertl@catalyst.net.nz>
Date: Tue, 23 May 2017 14:12:50 +1200
Subject: [PATCH] Bug 1692749: Security: Stop event log having plain text
 passwords

This patch only deals with:
1) removing passwords from existing event_log table data
2) stopping the recording of passwords into the event_log table
3) sets the reset password on next login for those users

It doesn't deal with removing the unnecessary cruft information
that will be handled by the bug 1692385

behatnotneeded

Change-Id: Id29148f78fa6918f5f5afcb89d211ccb3b60c95b
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
---
 htdocs/lib/db/upgrade.php | 25 +++++++++++++++++++++++++
 htdocs/lib/mahara.php     |  3 +++
 htdocs/lib/version.php    |  2 +-
 3 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/htdocs/lib/db/upgrade.php b/htdocs/lib/db/upgrade.php
index 56744873db..ca576aa4f3 100644
--- a/htdocs/lib/db/upgrade.php
+++ b/htdocs/lib/db/upgrade.php
@@ -4975,5 +4975,30 @@ function xmldb_core_upgrade($oldversion=0) {
         }
     }
 
+    if ($oldversion < 2017052300) {
+        if ($records = get_records_sql_array("SELECT event, data, time FROM {event_log} WHERE event = ?", array('createuser'))) {
+            log_debug('Remove sensitive data from event_log');
+            $count = 0;
+            $limit = 1000;
+            $total = count($records);
+            foreach ($records as $record) {
+                $where = clone $record;
+                $data = json_decode($record->data);
+                if (isset($data->password)) {
+                    unset($data->password);
+                    $cleandata = json_encode($data);
+                    $record->data = $cleandata;
+                    update_record('event_log', $record, $where);
+                    set_field('usr', 'passwordchange', 1, 'username', $data->username);
+                }
+                $count++;
+                if (($count % $limit) == 0 || $count == $total) {
+                    log_debug("$count/$total");
+                    set_time_limit(30);
+                }
+            }
+        }
+    }
+
     return $status;
 }
diff --git a/htdocs/lib/mahara.php b/htdocs/lib/mahara.php
index f6c514b5cf..918519d5e1 100644
--- a/htdocs/lib/mahara.php
+++ b/htdocs/lib/mahara.php
@@ -1869,6 +1869,9 @@ function handle_event($event, $data) {
         );
     }
     else if (is_object($data)) {
+        if (isset($data->password)) {
+            unset($data->password);
+        }
         $data = (array)$data;
     }
     else if (is_numeric($data)) {
diff --git a/htdocs/lib/version.php b/htdocs/lib/version.php
index 6ce19b6da1..be6d5611b5 100644
--- a/htdocs/lib/version.php
+++ b/htdocs/lib/version.php
@@ -16,7 +16,7 @@ $config = new stdClass();
 // See https://wiki.mahara.org/wiki/Developer_Area/Version_Numbering_Policy
 // For upgrades on stable branches, increment the version by one.  On master, use the date.
 
-$config->version = 2017051100;
+$config->version = 2017052300;
 $config->series = '17.10';
 $config->release = '17.10dev';
 $config->minupgradefrom = 2012080604;
-- 
GitLab