From d6274ae25bcd3819b4cf2f4fcf5acc3a1f5955a5 Mon Sep 17 00:00:00 2001 From: Timeraider <57343973+GitTimeraider@users.noreply.github.com> Date: Mon, 6 Oct 2025 10:16:17 +0200 Subject: [PATCH] Potential fix for code scanning alert no. 23: Information exposure through an exception Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- app/settings.py | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/app/settings.py b/app/settings.py index e164421..f2f0666 100644 --- a/app/settings.py +++ b/app/settings.py @@ -134,21 +134,14 @@ def test_connection(): if not success: # Log the detailed error server-side print(f"Sanitized error: {message}") - # Provide generic error for user + # Provide generic error for user, never send message details user_message = "Connection test failed. Please check your details and try again or contact support." - return jsonify({'success': False, 'message': user_message}) - - # Only allow pre-approved success messages to be sent back to the user - allowed_success_prefixes = [ - "Successfully connected", - "Connected, but domain", - "Connected, but domain", - ] + result = {'success': False, 'message': user_message} + print(f"Sending response: {result}") + return jsonify(result) + + # Only allow strictly safe success message to be sent back to the user user_message = "Successfully connected to DirectAdmin." - for prefix in allowed_success_prefixes: - if message.startswith(prefix): - user_message = message - break result = { 'success': True, 'message': user_message
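Review bot: Replacing the prefix allow-list with one fixed string also drops the `Connected, but domain …` outcomes the removed list deliberately let through, so a caller whose credentials work but whose domain check fails now receives the same `Successfully connected to DirectAdmin.` as a fully successful test. The exposure the alert targets came from `user_message = message` echoing the helper's whole string, not from the fixed prefixes themselves; if the connection helper can return a status code or flag alongside `message`, map it to a small dict of constant user-facing strings so the domain warning survives without forwarding any server-derived text — the helper is not visible from this hunk, so confirm what it returns. The added `print(f"Sending response: {result}")` in the failure branch prints a constant dict and reads like debugging left in; drop it, or route both prints through `logging` so the `Sanitized error: {message}` line (the only place the raw message is still emitted, and it may carry host or credential details) is at a controllable level rather than unconditional stdout. `test_connection` begins before this hunk and its `result` dict and return continue past it.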