Re: displaying of passwords in URLs when changing directories

Alexander V. Lukyanov Tue, 25 Oct 2005 05:30:44 -0700

On Sat, Oct 22, 2005 at 03:04:43PM +1000, James Teh wrote:
> Currently, if you include a username and password in a URL, the entire
> URL, including the password, is displayed when first connecting to the
> site in the lftp 'cd' command. This is demonstrated below:
> lftp 1 :~> open ftp://blah:[EMAIL PROTECTED]/
> cd `ftp://blah:[EMAIL PROTECTED]/' [Connecting...]


Try attached patch.

--
   Alexander.                      | http://www.yars.free.net/~lav/

Index: CmdExec.cc
===================================================================
RCS file: /home/lav/cvsroot/lftp/src/CmdExec.cc,v
retrieving revision 1.115
diff -u -p -r1.115 CmdExec.cc
--- CmdExec.cc  12 Aug 2005 07:05:32 -0000      1.115
+++ CmdExec.cc  25 Oct 2005 12:07:42 -0000
@@ -700,7 +700,7 @@ void CmdExec::ShowRunStatus(StatusLine *
    {
    case(BUILTIN_CD):
       if(session->IsOpen())
-        s->Show("cd `%s' [%s]",args->getarg(1),session->CurrentStatus());
+        s->Show("cd `%s' 
[%s]",squeeze_file_name(args->getarg(1),s->GetWidthDelayed()-40),session->CurrentStatus());
       break;
    case(BUILTIN_OPEN):
       if(session->IsOpen())
Index: bookmark.cc
===================================================================
RCS file: /home/lav/cvsroot/lftp/src/bookmark.cc,v
retrieving revision 1.14
diff -u -p -r1.14 bookmark.cc
--- bookmark.cc 18 Oct 2005 09:21:21 -0000      1.14
+++ bookmark.cc 25 Oct 2005 11:17:04 -0000
@@ -28,6 +28,7 @@
 #include "trio.h"
 #include "ResMgr.h"
 #include "misc.h"
+#include "url.h"
 
 #define super KeyValueDB
 
@@ -203,37 +204,8 @@ char *Bookmark::Format()
    return super::Format();
 }
 
-static const char *hide_password(const char *url)
-{
-   const char *scan=strstr(url,"://");
-   if(!scan)
-      return url;
-
-   scan+=3;
-
-   const char *at=strchr(scan,'@');
-   if(!at)
-      return url;
-
-   const char *colon=strchr(scan,':');
-   if(!colon || colon>at)
-      return url;
-
-   const char *slash=strchr(scan,'/');
-   if(slash && slash<at)
-      return url;
-
-   static char *buf;
-   static int buf_alloc;
-   int need=strlen(url)+5;
-   if(buf_alloc<need)
-      buf=(char*)xrealloc(buf,buf_alloc=need);
-   sprintf(buf,"%.*sXXXX%s",colon+1-url,url,at);
-   return buf;
-}
-
 char *Bookmark::FormatHidePasswords()
 {
    AutoSync();
-   return super::Format(hide_password);
+   return super::Format(url::hide_password);
 }
Index: misc.cc
===================================================================
RCS file: /home/lav/cvsroot/lftp/src/misc.cc,v
retrieving revision 1.76
diff -u -p -r1.76 misc.cc
--- misc.cc     18 Oct 2005 12:11:49 -0000      1.76
+++ misc.cc     25 Oct 2005 08:21:49 -0000
@@ -459,8 +459,9 @@ const char *squeeze_file_name(const char
    static int buf_len;
    int mbflags=MBSW_ACCEPT_INVALID|MBSW_ACCEPT_UNPRINTABLE;
 
-   int name_width=mbswidth(name,mbflags);
+   name=url::remove_password(name);
 
+   int name_width=mbswidth(name,mbflags);
    if(name_width<=w)
       return name;
 
Index: url.cc
===================================================================
RCS file: /home/lav/cvsroot/lftp/src/url.cc,v
retrieving revision 1.31
diff -u -p -r1.31 url.cc
--- url.cc      3 Aug 2005 07:12:48 -0000       1.31
+++ url.cc      25 Oct 2005 12:02:29 -0000
@@ -481,3 +481,57 @@ bool url::dir_needs_trailing_slash(const
    return !strcmp(proto,"http")
        || !strcmp(proto,"https");
 }
+
+bool url::find_password_pos(const char *url,int *start,int *len)
+{
+   *start=*len=0;
+
+   const char *scan=strstr(url,"://");
+   if(!scan)
+      return false;
+
+   scan+=3;
+
+   const char *at=strchr(scan,'@');
+   if(!at)
+      return false;
+
+   const char *colon=strchr(scan,':');
+   if(!colon || colon>at)
+      return false;
+
+   const char *slash=strchr(scan,'/');
+   if(slash && slash<at)
+      return false;
+
+   *start=colon+1-url;
+   *len=at-colon-1;
+   return true;
+}
+
+const char *url::hide_password(const char *url)
+{
+   int start,len;
+   if(!find_password_pos(url,&start,&len))
+      return url;
+   static char *buf;
+   static int buf_alloc;
+   int need=strlen(url)+5;
+   if(buf_alloc<need)
+      buf=(char*)xrealloc(buf,buf_alloc=need);
+   sprintf(buf,"%.*sXXXX%s",start,url,url+start+len);
+   return buf;
+}
+const char *url::remove_password(const char *url)
+{
+   int start,len;
+   if(!find_password_pos(url,&start,&len))
+      return url;
+   static char *buf;
+   static int buf_alloc;
+   int need=strlen(url)-len;
+   if(buf_alloc<need)
+      buf=(char*)xrealloc(buf,buf_alloc=need);
+   sprintf(buf,"%.*s%s",start-1,url,url+start+len);
+   return buf;
+}
Index: url.h
===================================================================
RCS file: /home/lav/cvsroot/lftp/src/url.h,v
retrieving revision 1.14
diff -u -p -r1.14 url.h
--- url.h       3 Aug 2005 07:12:49 -0000       1.14
+++ url.h       25 Oct 2005 08:20:24 -0000
@@ -83,6 +83,9 @@ public:
 
    static int path_index(const char *p);
    static bool dir_needs_trailing_slash(const char *proto);
+   static bool find_password_pos(const char *url,int *start,int *len);
+   static const char *remove_password(const char *url);
+   static const char *hide_password(const char *url);
 };
 
 #endif//URL_H

Re: displaying of passwords in URLs when changing directories

Reply via email to