kumarsivarajan / mollify

Automatically exported from code.google.com/p/mollify

Patch to only print backtrace when 'debug == true' to suppress passwords #585

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Any failed login will print the backtrace, which will also expose passwords in clear text.

What version of the product are you using? On what operating system?
v 2.5.19 on Ubuntu 14.04 LTS.

Please provide PHP error log and any additional information below.
I could try to track down where the authentication calls are being made and try to catch it there, but that wouldn't necessarily catch all instances. By suppressing this in the general handler it will catch all of them. Note that simply setting an ignoredKeys value doesn't help, as the backtrace may have the password as an argument to a function and it will not be suppressible.

This is a bigger issue when LDAP is enabled, as the authentication may fail for reasons other than incorrect user/password and cause the exposure of possibly enterprise-wide passwords in the logs.

Finally, thanks for such a great app.

Original issue reported on code.google.com by snaggle...@gmail.com on 3 Jan 2015 at 7:31

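The general-handler approach described in the report, as an added illustration that is not Mollify's own code or the attached patch: the backtrace is appended to the log line only when the configuration has `debug === true`, because function arguments in the trace (not any log key) are what carry the password. The names `$settings['debug']`, `authenticate()` and `writeLog()` are assumptions for this example.

```php
<?php
// Added example, not Mollify's own code. Names ($settings['debug'],
// authenticate(), writeLog()) are assumptions for illustration.

// Stand-in for the application's log sink.
function writeLog(string $line): void {
    error_log($line);
}

// Constructed authentication backend that fails for a reason other than a
// wrong password (for example, the LDAP server is unreachable). The password
// is a parameter, so it sits in every backtrace frame that records arguments.
function authenticate(string $username, string $password): bool {
    throw new RuntimeException("LDAP bind failed for " . $username);
}

function handleException(Throwable $e, array $settings): void {
    $line = sprintf("[%s] %s: %s", date('c'), get_class($e), $e->getMessage());

    // Trace output (getTraceAsString() or getTrace()) includes call arguments
    // unless PHP's zend.exception_ignore_args is enabled, so it is gated on
    // the debug flag rather than on a list of ignored keys: the password here
    // is a positional argument, not a named key, and cannot be masked by name.
    if (isset($settings['debug']) && $settings['debug'] === true) {
        $line .= "\n" . $e->getTraceAsString();
    }
    writeLog($line);
}

// Production configuration: the failed login is logged without the trace,
// so the constructed password 'hunter2' never reaches the log.
$settings = ['debug' => false];
try {
    authenticate('alice', 'hunter2');
} catch (Throwable $e) {
    handleException($e, $settings);
}

// With ['debug' => true] the same log line would also carry the frame
// "#0 /path/to/file.php(NN): authenticate('alice', 'hunter2')", which is
// why the trace is acceptable only while debugging.
```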

GoogleCodeExporter commented 8 years ago
Good point, thanks for the patch. Will be in next release.

Original comment by samuli.j...@gmail.com on 4 Jan 2015 at 9:24

GoogleCodeExporter commented 8 years ago
Included in .21 release

Original comment by samuli.j...@gmail.com on 6 Jan 2015 at 11:17