followup comment/code cleanups

actually explain why we set to undef and not use `delete`.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
index bda236a1d08653669a832bb7aad7ceba4f2eefe5..7fefa52778a99662c0260435e425b8c2dbadba22 100644 (file)
--- a/src/PVE/Tools.pm
+++ b/src/PVE/Tools.pm
@@ -808,17 +808,16 @@ sub extract_param {
     return $res;
 }
 
+# For extracting sensitive keys (e.g. password), to avoid writing them to www-data owned configs
 sub extract_sensitive_params :prototype($$$) {
     my ($param, $sensitive_list, $delete_list) = @_;
 
-    my $sensitive;
-
     my %delete = map { $_ => 1 } ($delete_list || [])->@*;
 
-    # always extract sensitive keys, so they don't get written to the www-data readable scfg
+    my $sensitive = {};
     for my $opt (@$sensitive_list) {
-       # First handle deletions as explicitly setting `undef`, afterwards new values may override
-       # it.
+       # handle deletions as explicitly setting `undef`, so subs which only have $param but not
+       # $delete_list available can recognize them. Afterwards new values  may override.
        if (exists($delete{$opt})) {
            $sensitive->{$opt} = undef;
        }