From f6e97b6e73be96e75ec606bda3d90126c69d7aee Mon Sep 17 00:00:00 2001
From: Fredrick Brennan <admin@8chan.co>
Date: Mon, 19 May 2014 13:39:30 -0400
Subject: [PATCH] SECURITY: Remove $config[db][password] when $config[debug] is
 TRUE

---
 inc/display.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/inc/display.php b/inc/display.php
index bcde41d0..8a6ab2bf 100644
--- a/inc/display.php
+++ b/inc/display.php
@@ -109,6 +109,18 @@ function error($message, $priority = true, $debug_stuff = false) {
 		)));
 	}
 	
+	$pw = $config['db']['password'];
+	$debug_callback = function(&$item) use (&$debug_callback, $pw) {
+		global $config;
+		if (is_array($item)) {
+			$item = array_filter($item, $debug_callback);
+		}
+		return ($item !== $pw || !$pw);
+	};
+
+
+	$debug_stuff = array_filter($debug_stuff, $debug_callback);
+
 	die(Element('page.html', array(
 		'config' => $config,
 		'title' => _('Error'),