From d6e5d1fae0535d3ac0f4234585d00c443cc44783 Mon Sep 17 00:00:00 2001
From: Touhidur Rahman <abir.ruet@gmail.com>
Date: Tue, 19 Mar 2024 12:31:11 +0600
Subject: [PATCH] pkp/pkp-lib#9789 sensitive config data handle

---
 classes/config/Config.php      | 28 ++++++++++++++++++++++++++++
 templates/admin/systemInfo.tpl |  2 +-
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/classes/config/Config.php b/classes/config/Config.php
index be9543345eb..e24801a9a0a 100644
--- a/classes/config/Config.php
+++ b/classes/config/Config.php
@@ -29,6 +29,34 @@
 
 class Config
 {
+    /**
+     * The sensitive data from the config files in the formate of `section` to `keys` mapping as
+     * [
+     *   'section1' => ['key1', 'key2', ...],
+     *   'section2' => ['key1', 'key2', ...],
+     * ]
+     */
+    public const SENSITIVE_DATA = [
+        'database' => [
+            'password',
+        ],
+        'email' => [
+            'smtp_password',
+        ],
+    ];
+
+    /**
+     * Check and determine if the given section key is sensitive data or not
+     */
+    public static function isSensitive(string $section, string $key): bool
+    {
+        if (!isset(static::SENSITIVE_DATA[$section])) {
+            return false;
+        }
+
+        return in_array($key, static::SENSITIVE_DATA[$section]);
+    }
+    
     /**
      * Retrieve a specified configuration variable.
      *
diff --git a/templates/admin/systemInfo.tpl b/templates/admin/systemInfo.tpl
index 70d16256f33..4fda4ad2834 100644
--- a/templates/admin/systemInfo.tpl
+++ b/templates/admin/systemInfo.tpl
@@ -98,7 +98,7 @@
 					{foreach from=$settings item="value" key="name"}
 								<tr>
 									<td>{$name|escape}</td>
-									{if $name === "password"}
+									{if \PKP\config\Config::isSensitive($category, $name)}
 										<td>**************</td>
 									{else}
 										<td>{$value|escape}</td>