#9789 sensitive config data handle

pkp · Mar 19, 2024 · d6e5d1f · d6e5d1f
1 parent a95b221
commit d6e5d1f
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 1 deletion.
diff --git a/classes/config/Config.php b/classes/config/Config.php
@@ -29,6 +29,34 @@
 
 class Config
 {
+    /**
+     * The sensitive data from the config files in the formate of `section` to `keys` mapping as
+     * [
+     *   'section1' => ['key1', 'key2', ...],
+     *   'section2' => ['key1', 'key2', ...],
+     * ]
+     */
+    public const SENSITIVE_DATA = [
+        'database' => [
+            'password',
+        ],
+        'email' => [
+            'smtp_password',
+        ],
+    ];
+
+    /**
+     * Check and determine if the given section key is sensitive data or not
+     */
+    public static function isSensitive(string $section, string $key): bool
+    {
+        if (!isset(static::SENSITIVE_DATA[$section])) {
+            return false;
+        }
+
+        return in_array($key, static::SENSITIVE_DATA[$section]);
+    }
+
     /**
      * Retrieve a specified configuration variable.
      *

diff --git a/templates/admin/systemInfo.tpl b/templates/admin/systemInfo.tpl
@@ -98,7 +98,7 @@
 					{foreach from=$settings item="value" key="name"}
 								<tr>
 									<td>{$name|escape}</td>
-									{if $name === "password"}
+									{if \PKP\config\Config::isSensitive($category, $name)}
 										<td>**************</td>
 									{else}
 										<td>{$value|escape}</td>