From b58d9857ccdbd973cc4961b5fb89b569d90a0712 Mon Sep 17 00:00:00 2001
From: wmax641 <wmax641@users.noreply.github.com>
Date: Wed, 4 Sep 2024 14:49:44 +1000
Subject: [PATCH] Fix redis password leakage in entrypoint_fpm.sh

entrypoint_fpm.sh prints out Redis password in plaintext to stdout
---
 core/files/entrypoint_fpm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/files/entrypoint_fpm.sh b/core/files/entrypoint_fpm.sh
index e5462b9..5be70e8 100755
--- a/core/files/entrypoint_fpm.sh
+++ b/core/files/entrypoint_fpm.sh
@@ -23,7 +23,7 @@ change_php_vars() {
         echo "Configure PHP | Setting 'max_input_time = ${PHP_MAX_INPUT_TIME}'"
         sed -i "s/max_input_time = .*/max_input_time = ${PHP_MAX_INPUT_TIME}/" "$FILE"
         sed -i "s/session.save_handler = .*/session.save_handler = redis/" "$FILE"
-        echo "Configure PHP | Setting 'session.save_path = '$(echo $REDIS_HOST | grep -E '^\w+://' || echo tcp://$REDIS_HOST):6379?auth=${REDIS_PASSWORD}'"
+        echo "Configure PHP | Setting 'session.save_path = '$(echo $REDIS_HOST | grep -E '^\w+://' || echo tcp://$REDIS_HOST):6379?auth=${REDIS_PASSWORD//?/x}'"
         sed -i "s|.*session.save_path = .*|session.save_path = '$(echo $REDIS_HOST | grep -E '^\w+://' || echo tcp://$REDIS_HOST):6379?auth=${REDIS_PASSWORD}'|" "$FILE"
         sed -i "s/session.sid_length = .*/session.sid_length = 64/" "$FILE"
         sed -i "s/session.use_strict_mode = .*/session.use_strict_mode = 1/" "$FILE"