author | Antoni Sawicki <tenox@google.com> | 2022-03-28 02:02:12 -0700 |
---|---|---|
committer | Antoni Sawicki <tenox@google.com> | 2022-03-28 02:02:12 -0700 |
commit | a1b84733f10c9e0382fa0bb58ec76f0a1448f179 (patch) | |
tree | 6e1ae84412d1e73b8100dfe6ac061c3eabe0be83 | |
parent | e861dde736cb2c944bd1221191490986c4c53c05 (diff) | |
download | wfm-2.0.2.tar.gz |
-rw-r--r-- | TODO.md | 4 | ||||
-rw-r--r-- | handlers.go | 13 |
2 files changed, 12 insertions, 5 deletions
@@ -6,14 +6,10 @@ * Docker support ## Security -* do not log FormValue["text"] as it contains text data from edit * userless/guest read-only mode, user rw requires custom login window * two factor auth requires custom login window -* docker support - no chroot - mount dir as / ? - env vars for port, etc? * garbage collect old f2b entries * f2b ddos prevention, sleep on too many bans?
diff --git a/handlers.go b/handlers.go
index 07f0ca4..519fbea 100644
--- a/handlers.go
+++ b/handlers.go
@@ -14,7 +14,7 @@ func wfm(w http.ResponseWriter, r *http.Request) {
 if user == "" {
 return
 }
- log.Printf("req from=%q user=%q uri=%q form=%v", r.RemoteAddr, user, r.RequestURI, r.Form)
+ go log.Printf("req from=%q user=%q uri=%q form=%v", r.RemoteAddr, user, r.RequestURI, noText(r.Form))
 modern := false
 if strings.HasPrefix(r.UserAgent(), "Mozilla/5") {
 modern = true
@@ -114,3 +114,14 @@ func wfm(w http.ResponseWriter, r *http.Request) {
 func favicon(w http.ResponseWriter, r *http.Request) {
 dispFavIcon(w)
 }
+
+func noText(m map[string][]string) map[string][]string {
+ o := make(map[string][]string)
+ for k, v := range m {
+ if k == "text" {
+ continue
+ }
+ o[k] = v
+ }
+ return o
+}
|
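Review bot: The rewritten log call in `wfm` still prints the form with `form=%v`, so the remaining field values are written unescaped and a value containing a newline can split or imitate a log entry, unlike the `%q` fields next to it; `form=%q` would quote every key and value. Arguments of a `go` statement are evaluated before the goroutine starts, so `noText(r.Form)` still runs on the request path and only the formatting and write become asynchronous. The copy shares its value slices with `r.Form`, so this is safe only if nothing later in the handler modifies them, and the rest of `wfm` lies outside the hunk. A comment such as `// logged asynchronously: entries may appear out of request order` would make the trade-off visible to anyone reading the log as an audit trail.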
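Review bot: `noText` is a one-key denylist, so any other form field that carries file contents or credentials will reach the log as soon as it is introduced; an allowlist of the fields worth logging would fail closed instead. The function also lacks a doc comment, for example `// noText returns a shallow copy of m without the "text" key so edited file contents are not logged.`, and the copy can be pre-sized with `make(map[string][]string, len(m))`. The key comparison is exact, so a field named `Text` would pass through; whether any form uses such a name is not visible in this diff.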