From 275ad40346653cacc97662b1241c9d7bbc684a9f Mon Sep 17 00:00:00 2001
From: the-djmaze <>
Date: Tue, 27 Feb 2024 11:25:34 +0100
Subject: [PATCH] Mask all POST data that has a key which contains `pass`

---
 .../app/libraries/RainLoop/ServiceActions.php     | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/snappymail/v/0.0.0/app/libraries/RainLoop/ServiceActions.php b/snappymail/v/0.0.0/app/libraries/RainLoop/ServiceActions.php
index f88ccc3744..627c24a9bb 100644
--- a/snappymail/v/0.0.0/app/libraries/RainLoop/ServiceActions.php
+++ b/snappymail/v/0.0.0/app/libraries/RainLoop/ServiceActions.php
@@ -112,15 +112,16 @@ public function ServiceJson() : string
 
 			$this->oActions->logWrite('Action: '.$sMethodName, \LOG_INFO, 'JSON');
 
-			$aPost = $_POST ?? null;
-			if ($aPost) {
-				$this->oActions->SetActionParams($aPost, $sMethodName);
-				foreach ($aPost as $key => $value) {
-					if (false !== \stripos($key, 'Password')) {
-						$aPost[$key] = '*******';
+			if ($_POST) {
+				$this->oActions->SetActionParams($_POST, $sMethodName);
+				foreach ($_POST as $key => $value) {
+					// password & passphrase
+					if (false !== \stripos($key, 'pass')) {
+//						$_POST[$key] = '*******';
+						$this->oActions->logMask($value);
 					}
 				}
-				$this->oActions->logWrite(Utils::jsonEncode($aPost), \LOG_INFO, 'POST');
+				$this->oActions->logWrite(Utils::jsonEncode($_POST), \LOG_INFO, 'POST');
 			} else if (3 < \count($this->aPaths) && $this->oHttp->IsGet()) {
 				$this->oActions->SetActionParams(array(
 					'RawKey' => empty($this->aPaths[3]) ? '' : $this->aPaths[3]