Fix #559771 – user and password shown in menu in the clear

In gnc_history_generate_label() and gnc_main_window_generate_title(), replace the username and password with an equal-length string of asterisks. git-svn-id: svn+ssh://svn.gnucash.org/repo/gnucash/trunk@17760 57a11ea4-9604-0410-9ed3-97b8803252fd
2025-02-25 18:55:30 -06:00 · 2008-12-07 22:13:44 +00:00 · 2008-12-07 22:13:44 +00:00 · 9cc57ed6b8
commit 9cc57ed6b8
parent 60afa42460
2 changed files with 77 additions and 17 deletions
--- a/src/gnome-utils/gnc-main-window.c
+++ b/src/gnome-utils/gnc-main-window.c
@ -1234,7 +1234,8 @@ gnc_main_window_generate_title (GncMainWindow *window)
  GncMainWindowPrivate *priv;
  GncPluginPage *page;
  QofBook *book;
-  const gchar *filename = NULL, *dirty = "";
+  gchar *filename = NULL;
+  const gchar *dirty = "";
  gchar *title, *ptr;
  GtkAction* action;

@ -1244,7 +1245,7 @@ gnc_main_window_generate_title (GncMainWindow *window)
  	gtk_action_set_sensitive(action, FALSE);
  }
  if (gnc_current_session_exist()) {
-      filename = gnc_session_get_url (gnc_get_current_session ());
+      filename = (gchar*)gnc_session_get_url (gnc_get_current_session ());
      book = gnc_get_current_book();
      if (qof_instance_is_dirty(QOF_INSTANCE(book))) {
 		dirty = "*";
@ -1255,12 +1256,44 @@ gnc_main_window_generate_title (GncMainWindow *window)
  }

  if (!filename)
-    filename = _("<no file>");
+    filename = g_strdup(_("<no file>"));
  else {
-    /* The Gnome HIG 2.0 recommends only the file name (no path) be used. (p15) */
-    ptr = g_utf8_strrchr(filename, -1, G_DIR_SEPARATOR);
-    if (ptr != NULL)
-      filename = g_utf8_next_char(ptr);
+	gint num_colons = 0;
+	for (ptr = filename; *ptr; ptr = g_utf8_next_char(ptr)) {
+	  gunichar c = g_utf8_get_char(ptr);
+	  if (c == ':') num_colons++;
+	}
+
+    if (num_colons != 4) {
+      /* The Gnome HIG 2.0 recommends only the file name (no path) be used. (p15) */
+      ptr = g_utf8_strrchr(filename, -1, G_DIR_SEPARATOR);
+      if (ptr != NULL)
+        filename = g_strdup(g_utf8_next_char(ptr));
+	} else {
+	  const gchar* src = filename;
+
+	  filename = g_strdup(filename);
+	  ptr = filename;
+	  num_colons = 0;
+
+	  /* Loop and copy chars, converting username and password (after 3rd ':') to
+	  asterisks. */
+	  for( ; *src; src = g_utf8_next_char(src)) {
+		gunichar unichar;
+
+	    if (num_colons < 3 || *src == ':') {
+	      unichar = g_utf8_get_char(src);
+		} else {
+		  unichar = '*';
+		}
+		ptr += g_unichar_to_utf8 (unichar, ptr);
+	    if (unichar == '_') {
+	      ptr += g_unichar_to_utf8 ('_', ptr);
+		} else if (unichar == ':') {
+		  num_colons++;
+		}
+	  }
+	}
  }

  priv = GNC_MAIN_WINDOW_GET_PRIVATE(window);
@ -1272,6 +1305,7 @@ gnc_main_window_generate_title (GncMainWindow *window)
  } else {
    title = g_strdup_printf("%s%s", dirty, filename);
  }
+  g_free(filename);
  
  return title;
 }
--- a/src/gnome-utils/gnc-plugin-file-history.c
+++ b/src/gnome-utils/gnc-plugin-file-history.c
@ -287,19 +287,45 @@ gnc_history_generate_label (int index, const gchar *filename)
 	if (index < 10)
 	  dst += g_sprintf(result, "_%d ", (index + 1) % 10);

-	/* Find the filename portion of the path */
-	src = g_utf8_strrchr(filename, -1, G_DIR_SEPARATOR);
-	if (src) {
-	  src = g_utf8_next_char(src);
+	/* If the filename begins with "mysql://" or "postgres://", hide the
+	user name and password.  Otherwise, it is a filename - hide everything
+	except the file name. */

-	  /* Fix up any underline characters so they aren't mistaken as
-	   * command accelerator keys. */
-	  for ( ; *src; src = g_utf8_next_char(src)) {
-	    unichar = g_utf8_get_char(src);
-	    dst += g_unichar_to_utf8 (unichar, dst);
+	if (g_ascii_strncasecmp(filename, "mysql://", 8) == 0 ||
+		g_ascii_strncasecmp(filename, "postgres://", 11) == 0 ) {
+	  gint num_colons = 0;

-	    if (unichar == '_')
+	  /* Loop for all chars and copy from 'src' to 'dst'.  While doing this,
+	     convert username and password (after 3rd ':') to asterisks. */
+	  src = filename;
+	  for( ; *src; src = g_utf8_next_char(src)) {
+	    if (num_colons < 3 || *src == ':') {
+	      unichar = g_utf8_get_char(src);
+		} else {
+		  unichar = '*';
+		}
+		dst += g_unichar_to_utf8 (unichar, dst);
+	    if (unichar == '_') {
 	      dst += g_unichar_to_utf8 ('_', dst);
+		} else if (unichar == ':') {
+		  num_colons++;
+		}
+	  }
+	} else {
+	  /* Find the filename portion of the path */
+	  src = g_utf8_strrchr(filename, -1, G_DIR_SEPARATOR);
+	  if (src) {
+	    src = g_utf8_next_char(src);
+
+	    /* Fix up any underline characters so they aren't mistaken as
+	     * command accelerator keys. */
+	    for ( ; *src; src = g_utf8_next_char(src)) {
+	      unichar = g_utf8_get_char(src);
+	      dst += g_unichar_to_utf8 (unichar, dst);
+
+	      if (unichar == '_')
+	        dst += g_unichar_to_utf8 ('_', dst);
+	    }
 	  }
 	}