martin 98/05/14 14:58:27
Modified: src/main http_main.c Log: Hide the password (for ftp://user:[EMAIL PROTECTED]/ requests) from the request list displayed by mod_status. This is analogous to the hiding in mod_log_config. Revision Changes Path 1.353 +11 -2 apache-1.3/src/main/http_main.c Index: http_main.c =================================================================== RCS file: /export/home/cvs/apache-1.3/src/main/http_main.c,v retrieving revision 1.352 retrieving revision 1.353 diff -u -u -r1.352 -r1.353 --- http_main.c 1998/05/13 15:20:02 1.352 +++ http_main.c 1998/05/14 21:58:26 1.353 @@ -1902,8 +1902,17 @@ conn_rec *c = r->connection; ap_cpystrn(ss->client, ap_get_remote_host(c, r->per_dir_config, REMOTE_NOLOOKUP), sizeof(ss->client)); - ap_cpystrn(ss->request, (r->the_request ? r->the_request : - "NULL"), sizeof(ss->request)); + if (r->the_request == NULL) { + ap_cpystrn(ss->request, "NULL", sizeof(ss->request)); + } else if (r->parsed_uri.password == NULL) { + ap_cpystrn(ss->request, r->the_request, sizeof(ss->request)); + } else { + /* Don't reveal the password in the server-status view */ + ap_cpystrn(ss->request, ap_pstrcat(r->pool, r->method, " ", + ap_unparse_uri_components(r->pool, &r->parsed_uri, UNP_OMITPASSWORD), + r->assbackwards ? NULL : " ", r->protocol, NULL), + sizeof(ss->request)); + } ap_cpystrn(ss->vhost, r->server->server_hostname, sizeof(ss->vhost)); } #endif
