Nakiami / mellivora

Mellivora is a CTF engine written in PHP
GNU General Public License v3.0
443 stars 170 forks

Cleartext password in error log #119

Open julupu opened 5 years ago

julupu commented 5 years ago

Hi,

So when you try to register an account and the e-mail validation fails, the attempt is logged (via the stack trace) and the cleartext password can be seen both in the web interface (manage -> exceptions) and in the error log (/var/log/apache2/mellivora-error.log).

Leaking/logging passwords to an admin due to incorrect input should not happen; this should not show up in the stack trace.

[Sun Mar 31 20:09:29.834193 2019] [php7:notice] [pid 11051] [client 192.168.178.21:42436] Exception: Invalid Email in /srv/www/mellivora/include/email.inc.php:150\nStack trace:\n#0 /srv/www/mellivora/include/session.inc.php(450): validate_email('a@b')\n#1 /srv/www/mellivora/htdocs/actions/register.php(31): register_account('a@b', 'password', 'Admin', '83', NULL)\n#2 {main}, referer: http://192.168.178.23/register

Best regards, Julian
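The leak in this report comes from PHP recording every call frame's arguments in the exception stack trace, so whatever the user typed into the password field rides along into the error log and the exceptions page. The following is an added example, not Mellivora's own code: a small trace formatter that looks up each frame's parameter names via reflection and replaces the values of sensitive parameters before the trace is logged. The `validate_email`/`register_account` functions are minimal stand-ins modelled on the trace above, and the `REDACT_PARAMS` list is an assumption for illustration.

```php
<?php
// Added example (not part of Mellivora): log an exception's stack trace with
// sensitive arguments redacted, so a failed registration never writes the
// submitted password to the error log or to an admin-facing exceptions page.

// Parameter names whose values must never reach a log. Assumed list for
// illustration; a real project would maintain its own.
const REDACT_PARAMS = ['password', 'password_confirm', 'current_password'];

/**
 * Build a trace string in the same shape as Exception::getTraceAsString(),
 * but with the values of sensitive parameters replaced by '[REDACTED]'.
 * Redaction is keyed on the callee's parameter names (via reflection), not on
 * argument position, so it survives signature reordering.
 */
function redacted_trace(Throwable $e): string
{
    $lines = [];
    foreach ($e->getTrace() as $i => $frame) {
        $params = parameter_names($frame);
        $args = [];
        // With zend.exception_ignore_args=On (PHP >= 7.4) 'args' is absent,
        // in which case nothing needs redacting.
        foreach ($frame['args'] ?? [] as $pos => $value) {
            $name = $params[$pos] ?? null;
            $args[] = ($name !== null && in_array($name, REDACT_PARAMS, true))
                ? '[REDACTED]'
                : short_repr($value);
        }
        $call  = ($frame['class'] ?? '') . ($frame['type'] ?? '') . $frame['function'];
        $where = isset($frame['file'])
            ? $frame['file'] . '(' . $frame['line'] . ')'
            : '[internal function]';
        $lines[] = sprintf('#%d %s: %s(%s)', $i, $where, $call, implode(', ', $args));
    }
    $lines[] = sprintf('#%d {main}', count($lines));
    return implode("\n", $lines);
}

/** Parameter names of the function or method a trace frame refers to. */
function parameter_names(array $frame): array
{
    try {
        $ref = isset($frame['class'])
            ? new ReflectionMethod($frame['class'], $frame['function'])
            : new ReflectionFunction($frame['function']);
    } catch (ReflectionException $ex) {
        return []; // closures, {main}, etc.: no names known, nothing redacted by name
    }
    return array_map(fn(ReflectionParameter $p) => $p->getName(), $ref->getParameters());
}

/** Compact, single-line rendering of a non-sensitive argument value. */
function short_repr($value): string
{
    if (is_string($value)) {
        return "'" . (strlen($value) > 15 ? substr($value, 0, 15) . '...' : $value) . "'";
    }
    if ($value === null)   return 'NULL';
    if (is_bool($value))   return $value ? 'true' : 'false';
    if (is_array($value))  return 'Array';
    if (is_object($value)) return 'Object(' . get_class($value) . ')';
    return (string) $value;
}

// --- Stand-ins modelled on the trace in the report (not Mellivora's code) ---

function validate_email(string $email): void
{
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        throw new Exception('Invalid Email');
    }
}

function register_account(string $email, string $password, string $team_name): void
{
    validate_email($email);
    // account creation would follow here
}

// Constructed input: the same malformed address and a dummy password.
try {
    register_account('a@b', 'password', 'Admin');
} catch (Throwable $e) {
    // The 'password' argument of register_account is written as [REDACTED].
    error_log($e->getMessage() . "\nStack trace:\n" . redacted_trace($e));
}
```

Two practical notes. First, the blanket fix is configuration rather than code: on PHP 7.4 and later, `zend.exception_ignore_args = On` (the default in `php.ini-production`) drops arguments from traces entirely, so even an unhandled exception cannot print the password; the formatter above is for deployments that want arguments kept for debugging. Second, whatever formatter is used must be applied at every sink, both the error log and the stored exception shown on the manage page, because a trace persisted unredacted for the web interface leaks just as badly as the log line.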