From 329f8b51dca8505fcf2d40d52faa3667cf86266b Mon Sep 17 00:00:00 2001
From: Andrew McMillan <andrew@morphoss.com>
Date: Sat, 14 Jan 2012 19:09:53 +1300
Subject: [PATCH] LDAP driver should not log password unless password logging
 is specifically on.

---
 inc/drivers_ldap.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/inc/drivers_ldap.php b/inc/drivers_ldap.php
index daeb8780..a784e48e 100644
--- a/inc/drivers_ldap.php
+++ b/inc/drivers_ldap.php
@@ -222,8 +222,8 @@ class ldapDrivers
       }
     }
 
-
-    dbg_error_log( "LDAP", "drivers_ldap : Bound to user %s using password %s", $dnUser, $passwd );
+    dbg_error_log( "LDAP", "drivers_ldap : Bound to user %s using password %s", $dnUser,
+          (isset($c->dbg['password']) && $c->dbg['password'] ? $passwd : 'another delicious password for the debugging monster!') );
 
     $i = ldap_first_entry($this->connect,$entry);
     $arr = ldap_get_attributes($this->connect,$i);