Infrastructure/fedora-infrastructure
1
0
Fork 0
Code Issues 70 Pull requests Projects Releases Packages Wiki Activity Actions

One more modification to the warnings.

Browse source 
Make CURLOPT_VERBOSE commented along with a notice that it should not be
uncommented when running in production.
This commit is contained in:
Ricky Zhou (周家杰) 2009-08-14 22:09:22 -04:00
parent 692acc9eaf
commit b6f2bc67e2
2 changed files with 10 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

10
plugins/wordpress-mu-plugin-fasauth/fasauth.php
View file

@ -45,13 +45,13 @@ if (!function_exists('wp_authenticate')) {
curl_setopt($ch, CURLOPT_POSTFIELDS, "username=".urlencode($username)."&user_name=".urlencode($username)."&password=".urlencode($password)."&login=Login");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
# WARNING: Never leave this on in production, as it will cause
# plaintext passwords to show up in error logs.
curl_setopt($ch, CURLOPT_VERBOSE, 0);
# WARNING: Never enable this line when running in production, as it will
# cause plaintext passwords to show up in error logs.
#curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
# The following two lines need to be uncommented when using a test FAS
# with an invalid cert. Otherwise they should be commented (or set to
# True) for security.
# with an invalid cert. Otherwise they should be commented out (or set
# to True) for security.
#curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
#curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);

10
scripts/Auth_FAS_MediaWiki/Auth_FAS.php
View file

@ -15,13 +15,13 @@ class Auth_FAS extends AuthPlugin {
curl_setopt($ch, CURLOPT_POSTFIELDS, "username=".urlencode($username)."&user_name=".urlencode($username)."&password=".urlencode($password)."&login=Login");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
# WARNING: Never leave this on in production, as it will cause
# plaintext passwords to show up in error logs.
curl_setopt($ch, CURLOPT_VERBOSE, 0);
# WARNING: Never enable this line when running in production, as it will
# cause plaintext passwords to show up in error logs.
#curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
# The following two lines need to be uncommented when using a test FAS
# with an invalid cert. Otherwise they should be commented (or set to
# True) for security.
# with an invalid cert. Otherwise they should be commented out (or set
# to True) for security.
#curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
#curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);