lexik · darkwhispering · Aug 26, 2016
diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php
@@ -22,6 +22,9 @@ public function getConfigTreeBuilder()
 
         $rootNode
             ->children()
+                ->arrayNode('sensitive_data_keys')
+                    ->prototype('scalar')->end()
+                ->end()
                 ->scalarNode('base_layout')
                     ->cannotBeEmpty()
                     ->defaultValue('LexikMonologBrowserBundle::layout.html.twig')

diff --git a/DependencyInjection/LexikMonologBrowserExtension.php b/DependencyInjection/LexikMonologBrowserExtension.php
@@ -28,6 +28,7 @@ public function load(array $configs, ContainerBuilder $container)
 
         $container->setParameter('lexik_monolog_browser.base_layout', $config['base_layout']);
         $container->setParameter('lexik_monolog_browser.logs_per_page', $config['logs_per_page']);
+        $container->setParameter('lexik_monolog_browser.sensitive_data_keys', $config['sensitive_data_keys']);
 
         $container->setParameter('lexik_monolog_browser.doctrine.table_name', $config['doctrine']['table_name']);
 

diff --git a/Handler/DoctrineDBALHandler.php b/Handler/DoctrineDBALHandler.php
@@ -31,18 +31,19 @@ class DoctrineDBALHandler extends AbstractProcessingHandler
     /**
      * @param Connection $connection
      * @param string     $tableName
+     * @param array      $sensitiveDataKeys
      * @param int        $level
-     * @param string     $bubble
+     * @param bool       $bubble
      */
-    public function __construct(Connection $connection, $tableName, $level = Logger::DEBUG, $bubble = true)
+    public function __construct(Connection $connection, $tableName, array $sensitiveDataKeys = [], $level = Logger::DEBUG, $bubble = true)
     {
         $this->connection = $connection;
         $this->tableName  = $tableName;
 
         parent::__construct($level, $bubble);
 
         $this->pushProcessor(new WebProcessor());
-        $this->pushProcessor(new WebExtendedProcessor());
+        $this->pushProcessor(new WebExtendedProcessor($sensitiveDataKeys));
     }
 
     /**

diff --git a/Processor/WebExtendedProcessor.php b/Processor/WebExtendedProcessor.php
@@ -4,6 +4,13 @@
 
 class WebExtendedProcessor
 {
+    const SENSITIVE_DATA_MSG = '** SENSITIVE DATA HIDDEN **';
+
+    /**
+     * @var array
+     */
+    protected $sensitiveDataKeys;
+
     /**
      * @var array
      */
@@ -20,19 +27,22 @@ class WebExtendedProcessor
     protected $getData;
 
     /**
+     * @param array $sensitiveDataKeys
      * @param array $serverData
      * @param array $postData
      * @param array $getData
      */
-    public function __construct(array $serverData = array(), array $postData = array(), array $getData = array())
+    public function __construct(array $sensitiveDataKeys = [], array $serverData = [], array $postData = [], array $getData = [])
     {
-        $this->serverData = $serverData ?: $_SERVER;
-        $this->postData   = $postData   ?: $_POST;
-        $this->getData    = $getData    ?: $_GET;
+        $this->sensitiveDataKeys = $sensitiveDataKeys;
+        $this->serverData        = $serverData ?: $_SERVER;
+        $this->postData          = $postData ?: $_POST;
+        $this->getData           = $getData ?: $_GET;
     }
 
     /**
      * @param  array $record
+     *
      * @return array
      */
     public function __invoke(array $record)
@@ -47,6 +57,15 @@ public function __invoke(array $record)
         $record['http_post']   = $this->postData;
         $record['http_get']    = $this->getData;
 
+        // Hide sensitive data in POST request
+        if (!empty($this->sensitiveDataKeys) && !empty($record['http_post'])) {
+            foreach ($record['http_post'] as $key => $value) {
+                if (in_array($key, $this->sensitiveDataKeys)) {
+                    $record['http_post'][$key] = self::SENSITIVE_DATA_MSG;
+                }
+            }
+        }
+
         return $record;
     }
 }
diff --git a/README.md b/README.md
@@ -141,7 +141,7 @@ monolog:
             id:           lexik_monolog_browser.handler.doctrine_dbal
 ```
 
-Now you have enabled and configured the handler, you migth want to display log entries, just import the routing file:
+Now you have enabled and configured the handler, you might want to display log entries, just import the routing file:
 
 ``` yaml
 # app/config/routing.yml
@@ -150,6 +150,14 @@ lexik_monolog_browser:
     prefix:   /admin/monolog
 ```
 
+If you have sensitive data in your POST requests that should not be logged, you can hide them with the `sensitive_data_keys` option. You can add as many keys as you need. If a listed key is found in a POST request the value of the key will be replaced with `** SENSITIVE DATA HIDDEN **` 
+
+``` yaml
+# app/config/config.yml
+lexik_monolog_browser:
+    sensitive_data_keys: ['password']
+```
+
 Translations
 ------------
 

diff --git a/Resources/config/services.xml b/Resources/config/services.xml
@@ -13,6 +13,7 @@
         <service id="lexik_monolog_browser.handler.doctrine_dbal" class="%lexik_monolog_browser.handler.doctrine_dbal.class%">
             <argument type="service" id="lexik_monolog_browser.doctrine_dbal.connection" />
             <argument>%lexik_monolog_browser.doctrine.table_name%</argument>
+            <argument>%lexik_monolog_browser.sensitive_data_keys%</argument>
         </service>
 
         <service id="lexik_monolog_browser.model.log_repository" class="%lexik_monolog_browser.model.log_repository.class%">