From b18cf58c8f607bed64d821fcc856e251a391df6a Mon Sep 17 00:00:00 2001
From: Joram Wilander <jwawilander@gmail.com>
Date: Tue, 3 May 2016 14:45:36 -0400
Subject: Sanitize sensitive data of out config file for the system console
 (#2849)

---
 api/admin.go | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'api/admin.go')

diff --git a/api/admin.go b/api/admin.go
index 930170619..7ab2c9cfc 100644
--- a/api/admin.go
+++ b/api/admin.go
@@ -127,10 +127,11 @@ func getConfig(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	json := utils.Cfg.ToJson()
 	cfg := model.ConfigFromJson(strings.NewReader(json))
-	json = cfg.ToJson()
+
+	cfg.Sanitize()
 
 	w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
-	w.Write([]byte(json))
+	w.Write([]byte(cfg.ToJson()))
 }
 
 func saveConfig(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -145,6 +146,7 @@ func saveConfig(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 
 	cfg.SetDefaults()
+	utils.Desanitize(cfg)
 
 	if err := cfg.IsValid(); err != nil {
 		c.Err = err
@@ -160,8 +162,10 @@ func saveConfig(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	utils.SaveConfig(utils.CfgFileName, cfg)
 	utils.LoadConfig(utils.CfgFileName)
-	json := utils.Cfg.ToJson()
-	w.Write([]byte(json))
+
+	rdata := map[string]string{}
+	rdata["status"] = "OK"
+	w.Write([]byte(model.MapToJson(rdata)))
 }
 
 func testEmail(c *Context, w http.ResponseWriter, r *http.Request) {
-- 
cgit v1.2.3-1-g7c22