X-Git-Url: https://git.proxmox.com/?p=pve-common.git;a=blobdiff_plain;f=src%2FPVE%2FTools.pm;fp=src%2FPVE%2FTools.pm;h=7fefa52778a99662c0260435e425b8c2dbadba22;hp=bda236a1d08653669a832bb7aad7ceba4f2eefe5;hb=9d52694bca477b119a59be8b1db4ebd1e796f000;hpb=40682a697d6bf88378696e1ab9146cfa30c67dbb

diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
index bda236a..7fefa52 100644
--- a/src/PVE/Tools.pm
+++ b/src/PVE/Tools.pm
@@ -808,17 +808,16 @@ sub extract_param {
     return $res;
 }
 
+# For extracting sensitive keys (e.g. password), to avoid writing them to www-data owned configs
 sub extract_sensitive_params :prototype($$$) {
     my ($param, $sensitive_list, $delete_list) = @_;
 
-    my $sensitive;
-
     my %delete = map { $_ => 1 } ($delete_list || [])->@*;
 
-    # always extract sensitive keys, so they don't get written to the www-data readable scfg
+    my $sensitive = {};
     for my $opt (@$sensitive_list) {
-	# First handle deletions as explicitly setting `undef`, afterwards new values may override
-	# it.
+	# handle deletions as explicitly setting `undef`, so subs which only have $param but not
+	# $delete_list available can recognize them. Afterwards new values  may override.
 	if (exists($delete{$opt})) {
 	    $sensitive->{$opt} = undef;
 	}