Author: jvdrean Date: 2009-10-27 12:31:28 +0100 (Tue, 27 Oct 2009) New Revision: 24726 Modified: platform/xwiki-plugins/trunk/watchlist/src/main/java/com/xpn/xwiki/ plugin/watchlist/WatchListEvent.java Log: XPWATCHLIST-91 : Hide email fields in notifications Properties named "email" are now obfuscated. Modified: platform/xwiki-plugins/trunk/watchlist/src/main/java/com/ xpn/xwiki/plugin/watchlist/WatchListEvent.java =================================================================== --- platform/xwiki-plugins/trunk/watchlist/src/main/java/com/xpn/ xwiki/plugin/watchlist/WatchListEvent.java 2009-10-26 16:45:15 UTC (rev 24725) +++ platform/xwiki-plugins/trunk/watchlist/src/main/java/com/xpn/ xwiki/plugin/watchlist/WatchListEvent.java 2009-10-27 11:31:28 UTC (rev 24726) @@ -78,6 +78,16 @@ private static final String PREINITIAL_DOCUMENT_VERSION = "1.0"; /** + * Value to display in diffs for hidden properties (email, password, etc). + */ + private static final String HIDDEN_PROPERTIES_OBFUSCATED_VALUE = "******************"; + + /** + * Name of email property. + */ + private static final String EMAIL_PROPERTY_NAME = "email"; +

+ /** * Event hashcode. */ private final int hashCode; @@ -437,9 +447,10 @@ diff.getDifferencesAsHTML(objectDiff.getPrevValue().toString(), objectDiff.getNewValue().toString(), false); - if (objectDiff .getPropType ().equals (StringUtils.substringAfterLast(PasswordClass.class.getName(), ".")) - && !StringUtils.isBlank(propDiff)) { - propDiff = "******************"; + // We hide PasswordClass properties and properties named "email" from notifications for security reasons. + if ((objectDiff .getPropType ().equals (StringUtils.substringAfterLast(PasswordClass.class.getName(), ".")) + || objectDiff.getPropName().equals(EMAIL_PROPERTY_NAME)) && ! StringUtils.isBlank(propDiff)) { + propDiff = HIDDEN_PROPERTIES_OBFUSCATED_VALUE; } return propDiff;