1
0
mirror of https://github.com/moparisthebest/wget synced 2024-07-03 16:38:41 -04:00

[svn] url.c (str_url): Henrik van Ginhoven pointed out on the list that we shouldn't

give away the number of characters in the password by replacing each character
with a 'x'.  Use "<password>" instead.
This commit is contained in:
dan 2001-01-09 20:30:43 -08:00
parent 7140f393b2
commit 1993e140f2
2 changed files with 10 additions and 4 deletions

View File

@ -5,6 +5,9 @@
it into this new file, to fix spelling mistakes, to clarify, etc. it into this new file, to fix spelling mistakes, to clarify, etc.
* url.c (write_backup_file): Clarified a comment. * url.c (write_backup_file): Clarified a comment.
(str_url): Henrik van Ginhoven pointed out on the list that we
shouldn't give away the number of characters in the password by
replacing each character with a 'x'. Use "<password>" instead.
* ftp.c (ftp_retrieve_dirs): I don't see a ChangeLog entry for * ftp.c (ftp_retrieve_dirs): I don't see a ChangeLog entry for
this, but the bug where recursion into FTP directories didn't work this, but the bug where recursion into FTP directories didn't work

View File

@ -688,11 +688,14 @@ str_url (const struct urlinfo *u, int hide)
user = CLEANDUP (u->user); user = CLEANDUP (u->user);
if (u->passwd) if (u->passwd)
{ {
int j;
passwd = CLEANDUP (u->passwd);
if (hide) if (hide)
for (j = 0; passwd[j]; j++) /* Don't output the password, or someone might see it over the user's
passwd[j] = 'x'; shoulder (or in saved wget output). Don't give away the number of
characters in the password, either, as we did when we replaced the
password characters with 'x's. */
passwd = "<password>";
else
passwd = CLEANDUP (u->passwd);
} }
if (u->proto == URLFTP && *dir == '/') if (u->proto == URLFTP && *dir == '/')
{ {