r17760 - gnucash/trunk/src/gnome-utils - Fix #559771 – user and password shown in menu in the clear
Phil Longstaff
plongstaff at cvs.gnucash.org
Sun Dec 7 17:13:44 EST 2008
Author: plongstaff
Date: 2008-12-07 17:13:44 -0500 (Sun, 07 Dec 2008)
New Revision: 17760
Trac: http://svn.gnucash.org/trac/changeset/17760
Modified:
gnucash/trunk/src/gnome-utils/gnc-main-window.c
gnucash/trunk/src/gnome-utils/gnc-plugin-file-history.c
Log:
Fix #559771 – user and password shown in menu in the clear
In gnc_history_generate_label() and gnc_main_window_generate_title(), replace
the username and password with an equal-length string of asterisks.
Modified: gnucash/trunk/src/gnome-utils/gnc-main-window.c
===================================================================
--- gnucash/trunk/src/gnome-utils/gnc-main-window.c 2008-12-07 16:58:10 UTC (rev 17759)
+++ gnucash/trunk/src/gnome-utils/gnc-main-window.c 2008-12-07 22:13:44 UTC (rev 17760)
@@ -1234,7 +1234,8 @@
GncMainWindowPrivate *priv;
GncPluginPage *page;
QofBook *book;
- const gchar *filename = NULL, *dirty = "";
+ gchar *filename = NULL;
+ const gchar *dirty = "";
gchar *title, *ptr;
GtkAction* action;
@@ -1244,7 +1245,7 @@
gtk_action_set_sensitive(action, FALSE);
}
if (gnc_current_session_exist()) {
- filename = gnc_session_get_url (gnc_get_current_session ());
+ filename = (gchar*)gnc_session_get_url (gnc_get_current_session ());
book = gnc_get_current_book();
if (qof_instance_is_dirty(QOF_INSTANCE(book))) {
dirty = "*";
@@ -1255,12 +1256,44 @@
}
if (!filename)
- filename = _("<no file>");
+ filename = g_strdup(_("<no file>"));
else {
- /* The Gnome HIG 2.0 recommends only the file name (no path) be used. (p15) */
- ptr = g_utf8_strrchr(filename, -1, G_DIR_SEPARATOR);
- if (ptr != NULL)
- filename = g_utf8_next_char(ptr);
+ gint num_colons = 0;
+ for (ptr = filename; *ptr; ptr = g_utf8_next_char(ptr)) {
+ gunichar c = g_utf8_get_char(ptr);
+ if (c == ':') num_colons++;
+ }
+
+ if (num_colons != 4) {
+ /* The Gnome HIG 2.0 recommends only the file name (no path) be used. (p15) */
+ ptr = g_utf8_strrchr(filename, -1, G_DIR_SEPARATOR);
+ if (ptr != NULL)
+ filename = g_strdup(g_utf8_next_char(ptr));
+ } else {
+ const gchar* src = filename;
+
+ filename = g_strdup(filename);
+ ptr = filename;
+ num_colons = 0;
+
+ /* Loop and copy chars, converting username and password (after 3rd ':') to
+ asterisks. */
+ for( ; *src; src = g_utf8_next_char(src)) {
+ gunichar unichar;
+
+ if (num_colons < 3 || *src == ':') {
+ unichar = g_utf8_get_char(src);
+ } else {
+ unichar = '*';
+ }
+ ptr += g_unichar_to_utf8 (unichar, ptr);
+ if (unichar == '_') {
+ ptr += g_unichar_to_utf8 ('_', ptr);
+ } else if (unichar == ':') {
+ num_colons++;
+ }
+ }
+ }
}
priv = GNC_MAIN_WINDOW_GET_PRIVATE(window);
@@ -1272,6 +1305,7 @@
} else {
title = g_strdup_printf("%s%s", dirty, filename);
}
+ g_free(filename);
return title;
}
Modified: gnucash/trunk/src/gnome-utils/gnc-plugin-file-history.c
===================================================================
--- gnucash/trunk/src/gnome-utils/gnc-plugin-file-history.c 2008-12-07 16:58:10 UTC (rev 17759)
+++ gnucash/trunk/src/gnome-utils/gnc-plugin-file-history.c 2008-12-07 22:13:44 UTC (rev 17760)
@@ -287,20 +287,46 @@
if (index < 10)
dst += g_sprintf(result, "_%d ", (index + 1) % 10);
- /* Find the filename portion of the path */
- src = g_utf8_strrchr(filename, -1, G_DIR_SEPARATOR);
- if (src) {
- src = g_utf8_next_char(src);
+ /* If the filename begins with "mysql://" or "postgres://", hide the
+ user name and password. Otherwise, it is a filename - hide everything
+ except the file name. */
- /* Fix up any underline characters so they aren't mistaken as
- * command accelerator keys. */
- for ( ; *src; src = g_utf8_next_char(src)) {
- unichar = g_utf8_get_char(src);
- dst += g_unichar_to_utf8 (unichar, dst);
+ if (g_ascii_strncasecmp(filename, "mysql://", 8) == 0 ||
+ g_ascii_strncasecmp(filename, "postgres://", 11) == 0 ) {
+ gint num_colons = 0;
- if (unichar == '_')
+ /* Loop for all chars and copy from 'src' to 'dst'. While doing this,
+ convert username and password (after 3rd ':') to asterisks. */
+ src = filename;
+ for( ; *src; src = g_utf8_next_char(src)) {
+ if (num_colons < 3 || *src == ':') {
+ unichar = g_utf8_get_char(src);
+ } else {
+ unichar = '*';
+ }
+ dst += g_unichar_to_utf8 (unichar, dst);
+ if (unichar == '_') {
dst += g_unichar_to_utf8 ('_', dst);
+ } else if (unichar == ':') {
+ num_colons++;
+ }
}
+ } else {
+ /* Find the filename portion of the path */
+ src = g_utf8_strrchr(filename, -1, G_DIR_SEPARATOR);
+ if (src) {
+ src = g_utf8_next_char(src);
+
+ /* Fix up any underline characters so they aren't mistaken as
+ * command accelerator keys. */
+ for ( ; *src; src = g_utf8_next_char(src)) {
+ unichar = g_utf8_get_char(src);
+ dst += g_unichar_to_utf8 (unichar, dst);
+
+ if (unichar == '_')
+ dst += g_unichar_to_utf8 ('_', dst);
+ }
+ }
}
*dst = '\0';
More information about the gnucash-changes
mailing list