Implements increased security measures concerning the sending of sett…

…ings (#94)

* Added new setting to allow users to send module settings (default: false)

* Added poor man's filter and fixed bug with sending module settings.

* Removed left over debugging tools.

* Added some extra styling per Calego's request.

Module/lang/en.json

@@ -25,7 +25,8 @@
         "incomplete": "Please finish filling out required values."
       },
       "options": {
-        "activemod": "Send list of active modules with report"
+        "activemod": "Send list of active modules with report",
+        "sendModSettings": "Send module's settings with report"
       }
     },
     "bugButton": {

Module/main.js

@@ -44,8 +44,11 @@ const generateModuleSettings = (mod) => {
     if (setting.module === mod.data.name) {
       // only allow scalars
       if (setting.config && setting.type !== "object") {
-        let setVal = game.settings.get(mod.data.name, setting.key);
-        modSettings.push(`${setting.key}: ${setVal}`);
+        const ignore = ["cookie", "password", "secret", "token"].some(badKey => setting.key.includes(badKey));
+        if (!ignore){
+          let setVal = game.settings.get(mod.data.name, setting.key);
+          modSettings.push(`${setting.key}: ${setVal}`);
+        }
       }
     }
   })
@@ -267,7 +270,7 @@ class BugReportForm extends FormApplication {
   async _updateObject(ev, formData) {
     // obtain original data
     const mod = this.module;
-    const {formFields: { bugTitle, bugDescription, issuer, label, sendActiveModules }} = expandObject(formData);
+    const {formFields: { bugTitle, bugDescription, issuer, label, sendActiveModules, sendModSettings }} = expandObject(formData);
 
     // if any of our warnings are not checked, throw
     if (!bugTitle || !bugDescription) {
@@ -305,13 +308,13 @@ class BugReportForm extends FormApplication {
     // generating active module list from game.modules
     const moduleList = sendActiveModules ? generateActiveModuleList() : "";
     // generate module settings
-    const moduleSettings = generateModuleSettings(mod);
+    const moduleSettings = sendModSettings ? generateModuleSettings(mod) : "";
 
     // construct gitlab link (if applicable)
     if (this.gitlab) {
       bugsUrl = bugsUrl + `?title=${encodeURIComponent(bugTitle)}&description=${encodeURIComponent(fullDescription + "\n" + moduleList + moduleSettings)}`;
     }
-    
+
     // let the app know we're ready to send stuff
     this.isSending = true;
     this.render();

Module/templates/bug-report.html

@@ -71,7 +71,6 @@ <h3>Module Dependencies</h3>
       <input type="text" class="bug-title" name="formFields.bugTitle" data-dtype="String"
         value="{{formFields.bugTitle}}" />
     </div>
-
     <div class="flexcol found-issues {{#if (bugs-isEmpty foundIssues)}}hidden{{/if}}" tabindex="-1">
       <h3>{{localize 'BUG.foundIssues.title'}}</h3>
       <div class="found-issue-list" id="bug-reporter-issues-found">
@@ -109,9 +108,15 @@ <h4 class="flexrow">
       </div>
     </div>
 
-    <div class="form-group">
-      <label for="sendActiveModules">{{localize 'BUG.form.options.activemod'}}</label>
-      <input type="checkbox" id="sendActiveModules" name="formFields.sendActiveModules" checked />
+    <div class="flexrow">
+      <div class="form-group">
+        <label for="sendActiveModules">{{localize 'BUG.form.options.activemod'}}</label>
+        <input type="checkbox" id="sendActiveModules" name="formFields.sendActiveModules" checked />
+      </div>
+      <div class="form-group">
+        <label for="sendModSettings">{{localize 'BUG.form.options.sendModSettings'}}</label>
+        <input type="checkbox" id="sendModSettings" name="formFields.sendModSettings"/>
+      </div>
     </div>
 
     <div class="form-group-stacked">