authorAntoni Sawicki <tenox@google.com>2022-03-28 02:02:12 -0700
committerAntoni Sawicki <tenox@google.com>2022-03-28 02:02:12 -0700
commita1b84733f10c9e0382fa0bb58ec76f0a1448f179 (patch)
tree6e1ae84412d1e73b8100dfe6ac061c3eabe0be83
parente861dde736cb2c944bd1221191490986c4c53c05 (diff)
downloadwfm-a1b84733f10c9e0382fa0bb58ec76f0a1448f179.tar.gz
do not log text input2.0.22.0.0
-rw-r--r--TODO.md4
-rw-r--r--handlers.go13
2 files changed, 12 insertions, 5 deletions
diff --git a/TODO.md b/TODO.md
index 5ca6258..9af2000 100644
--- a/TODO.md
+++ b/TODO.md
@@ -6,14 +6,10 @@
* Docker support
## Security
-* do not log FormValue["text"] as it contains text data from edit
* userless/guest read-only mode, user rw
requires custom login window
* two factor auth
requires custom login window
-* docker support
- no chroot - mount dir as / ?
- env vars for port, etc?
* garbage collect old f2b entries
* f2b ddos prevention, sleep on too many bans?
diff --git a/handlers.go b/handlers.go
index 07f0ca4..519fbea 100644
--- a/handlers.go
+++ b/handlers.go
@@ -14,7 +14,7 @@ func wfm(w http.ResponseWriter, r *http.Request) {
if user == "" {
return
}
- log.Printf("req from=%q user=%q uri=%q form=%v", r.RemoteAddr, user, r.RequestURI, r.Form)
+ go log.Printf("req from=%q user=%q uri=%q form=%v", r.RemoteAddr, user, r.RequestURI, noText(r.Form))
modern := false
if strings.HasPrefix(r.UserAgent(), "Mozilla/5") {
modern = true
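Review bot: The `uri=%q` field on the new log line still prints `r.RequestURI` verbatim, so a `text` value sent in the query string would be logged even though `noText` strips it from the form map (`r.Form` holds query and body parameters together once the form is parsed). Passing `r.URL.Path` for `uri` would close that gap; whether the edit form can be submitted with GET is not visible in this hunk. Separately, the `go` prefix makes the write asynchronous, so request entries can appear out of order or be dropped at shutdown; if this log is used for auditing or ban decisions, a synchronous `log.Printf` is the safer choice. wfm's body continues outside the hunk.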
@@ -114,3 +114,14 @@ func wfm(w http.ResponseWriter, r *http.Request) {
func favicon(w http.ResponseWriter, r *http.Request) {
dispFavIcon(w)
}
+
+func noText(m map[string][]string) map[string][]string {
+ o := make(map[string][]string)
+ for k, v := range m {
+ if k == "text" {
+ continue
+ }
+ o[k] = v
+ }
+ return o
+}
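Review bot: `noText` has no doc comment and filters on a single exact key, so any other form field that carries file content or a credential would still reach the log; whether such fields exist is not visible in this hunk. I would add `// noText returns a shallow copy of m without the "text" key, so edited file contents are not written to the request log.` above the function. Dropping the key silently also hides the fact that an edit body was submitted; putting `o[k] = []string{"[redacted]"}` before the `continue` keeps that fact in the log without the content. The value slices are shared with the request rather than copied, which is fine as long as nothing mutates them after the call.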