Merge "Bug 1692749: Security: Stop event log having plain text passwords"

htdocs/lib/db/upgrade.php

@@ -4975,5 +4975,30 @@ function xmldb_core_upgrade($oldversion=0) {
         }
     }
 
+    if ($oldversion < 2017052300) {
+        if ($records = get_records_sql_array("SELECT event, data, time FROM {event_log} WHERE event = ?", array('createuser'))) {
+            log_debug('Remove sensitive data from event_log');
+            $count = 0;
+            $limit = 1000;
+            $total = count($records);
+            foreach ($records as $record) {
+                $where = clone $record;
+                $data = json_decode($record->data);
+                if (isset($data->password)) {
+                    unset($data->password);
+                    $cleandata = json_encode($data);
+                    $record->data = $cleandata;
+                    update_record('event_log', $record, $where);
+                    set_field('usr', 'passwordchange', 1, 'username', $data->username);
+                }
+                $count++;
+                if (($count % $limit) == 0 || $count == $total) {
+                    log_debug("$count/$total");
+                    set_time_limit(30);
+                }
+            }
+        }
+    }
+
     return $status;
 }

htdocs/lib/mahara.php

@@ -1869,6 +1869,9 @@ function handle_event($event, $data) {
         );
     }
     else if (is_object($data)) {
+        if (isset($data->password)) {
+            unset($data->password);
+        }
         $data = (array)$data;
     }
     else if (is_numeric($data)) {

htdocs/lib/version.php

@@ -16,7 +16,7 @@ $config = new stdClass();
 // See https://wiki.mahara.org/wiki/Developer_Area/Version_Numbering_Policy
 // For upgrades on stable branches, increment the version by one.  On master, use the date.
 
-$config->version = 2017051100;
+$config->version = 2017052300;
 $config->series = '17.10';
 $config->release = '17.10dev';
 $config->minupgradefrom = 2012080604;