r17760 - gnucash/trunk/src/gnome-utils - Fix #559771 – user and password shown in menu in the clear

Phil Longstaff plongstaff at cvs.gnucash.org
Sun Dec 7 17:13:44 EST 2008


Author: plongstaff
Date: 2008-12-07 17:13:44 -0500 (Sun, 07 Dec 2008)
New Revision: 17760
Trac: http://svn.gnucash.org/trac/changeset/17760

Modified:
   gnucash/trunk/src/gnome-utils/gnc-main-window.c
   gnucash/trunk/src/gnome-utils/gnc-plugin-file-history.c
Log:
Fix #559771 – user and password shown in menu in the clear

In gnc_history_generate_label() and gnc_main_window_generate_title(), replace
the username and password with an equal-length string of asterisks.


Modified: gnucash/trunk/src/gnome-utils/gnc-main-window.c
===================================================================
--- gnucash/trunk/src/gnome-utils/gnc-main-window.c	2008-12-07 16:58:10 UTC (rev 17759)
+++ gnucash/trunk/src/gnome-utils/gnc-main-window.c	2008-12-07 22:13:44 UTC (rev 17760)
@@ -1234,7 +1234,8 @@
   GncMainWindowPrivate *priv;
   GncPluginPage *page;
   QofBook *book;
-  const gchar *filename = NULL, *dirty = "";
+  gchar *filename = NULL;
+  const gchar *dirty = "";
   gchar *title, *ptr;
   GtkAction* action;
 
@@ -1244,7 +1245,7 @@
   	gtk_action_set_sensitive(action, FALSE);
   }
   if (gnc_current_session_exist()) {
-      filename = gnc_session_get_url (gnc_get_current_session ());
+      filename = (gchar*)gnc_session_get_url (gnc_get_current_session ());
       book = gnc_get_current_book();
       if (qof_instance_is_dirty(QOF_INSTANCE(book))) {
 		dirty = "*";
@@ -1255,12 +1256,44 @@
   }
 
   if (!filename)
-    filename = _("<no file>");
+    filename = g_strdup(_("<no file>"));
   else {
-    /* The Gnome HIG 2.0 recommends only the file name (no path) be used. (p15) */
-    ptr = g_utf8_strrchr(filename, -1, G_DIR_SEPARATOR);
-    if (ptr != NULL)
-      filename = g_utf8_next_char(ptr);
+	gint num_colons = 0;
+	for (ptr = filename; *ptr; ptr = g_utf8_next_char(ptr)) {
+	  gunichar c = g_utf8_get_char(ptr);
+	  if (c == ':') num_colons++;
+	}
+
+    if (num_colons != 4) {
+      /* The Gnome HIG 2.0 recommends only the file name (no path) be used. (p15) */
+      ptr = g_utf8_strrchr(filename, -1, G_DIR_SEPARATOR);
+      if (ptr != NULL)
+        filename = g_strdup(g_utf8_next_char(ptr));
+	} else {
+	  const gchar* src = filename;
+
+	  filename = g_strdup(filename);
+	  ptr = filename;
+	  num_colons = 0;
+
+	  /* Loop and copy chars, converting username and password (after 3rd ':') to
+	  asterisks. */
+	  for( ; *src; src = g_utf8_next_char(src)) {
+		gunichar unichar;
+
+	    if (num_colons < 3 || *src == ':') {
+	      unichar = g_utf8_get_char(src);
+		} else {
+		  unichar = '*';
+		}
+		ptr += g_unichar_to_utf8 (unichar, ptr);
+	    if (unichar == '_') {
+	      ptr += g_unichar_to_utf8 ('_', ptr);
+		} else if (unichar == ':') {
+		  num_colons++;
+		}
+	  }
+	}
   }
 
   priv = GNC_MAIN_WINDOW_GET_PRIVATE(window);
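Review bot: The masked copy in the `else` branch is written into `g_strdup(filename)`, a buffer exactly as long as the source, and the loop never terminates what it writes. Each `_` before the third colon is emitted twice, so a host or database name containing underscores can push `ptr` past the end of that allocation; in the other direction, a multi-byte character in the user name or password shrinks to a one-byte `*`, leaving the last bytes of the original credentials in front of the old NUL. Size the buffer for the worst case, `filename = g_malloc(2 * strlen(src) + 1);`, and add `*ptr = '\0';` after the loop. The underscore doubling looks copied from the menu-label code and is probably not wanted in a window title at all, which would remove the growth case. The function starts and ends outside this hunk.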
@@ -1272,6 +1305,7 @@
   } else {
     title = g_strdup_printf("%s%s", dirty, filename);
   }
+  g_free(filename);
   
   return title;
 }
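Review bot: `g_free(filename)` can free a string this function does not own: when a session exists, the URL does not contain exactly four colons and `g_utf8_strrchr()` finds no `G_DIR_SEPARATOR`, `filename` is still the pointer returned by `gnc_session_get_url()`. The `(gchar*)` cast added where it is assigned suggests that pointer is const and owned by the session, so freeing it would leave the session with a dangling URL. Copy on every path in that branch, e.g. `filename = g_strdup(ptr ? g_utf8_next_char(ptr) : filename);`, so the final free always releases a private copy. The start of the function is outside this hunk.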

Modified: gnucash/trunk/src/gnome-utils/gnc-plugin-file-history.c
===================================================================
--- gnucash/trunk/src/gnome-utils/gnc-plugin-file-history.c	2008-12-07 16:58:10 UTC (rev 17759)
+++ gnucash/trunk/src/gnome-utils/gnc-plugin-file-history.c	2008-12-07 22:13:44 UTC (rev 17760)
@@ -287,20 +287,46 @@
 	if (index < 10)
 	  dst += g_sprintf(result, "_%d ", (index + 1) % 10);
 
-	/* Find the filename portion of the path */
-	src = g_utf8_strrchr(filename, -1, G_DIR_SEPARATOR);
-	if (src) {
-	  src = g_utf8_next_char(src);
+	/* If the filename begins with "mysql://" or "postgres://", hide the
+	user name and password.  Otherwise, it is a filename - hide everything
+	except the file name. */
 
-	  /* Fix up any underline characters so they aren't mistaken as
-	   * command accelerator keys. */
-	  for ( ; *src; src = g_utf8_next_char(src)) {
-	    unichar = g_utf8_get_char(src);
-	    dst += g_unichar_to_utf8 (unichar, dst);
+	if (g_ascii_strncasecmp(filename, "mysql://", 8) == 0 ||
+		g_ascii_strncasecmp(filename, "postgres://", 11) == 0 ) {
+	  gint num_colons = 0;
 
-	    if (unichar == '_')
+	  /* Loop for all chars and copy from 'src' to 'dst'.  While doing this,
+	     convert username and password (after 3rd ':') to asterisks. */
+	  src = filename;
+	  for( ; *src; src = g_utf8_next_char(src)) {
+	    if (num_colons < 3 || *src == ':') {
+	      unichar = g_utf8_get_char(src);
+		} else {
+		  unichar = '*';
+		}
+		dst += g_unichar_to_utf8 (unichar, dst);
+	    if (unichar == '_') {
 	      dst += g_unichar_to_utf8 ('_', dst);
+		} else if (unichar == ':') {
+		  num_colons++;
+		}
 	  }
+	} else {
+	  /* Find the filename portion of the path */
+	  src = g_utf8_strrchr(filename, -1, G_DIR_SEPARATOR);
+	  if (src) {
+	    src = g_utf8_next_char(src);
+
+	    /* Fix up any underline characters so they aren't mistaken as
+	     * command accelerator keys. */
+	    for ( ; *src; src = g_utf8_next_char(src)) {
+	      unichar = g_utf8_get_char(src);
+	      dst += g_unichar_to_utf8 (unichar, dst);
+
+	      if (unichar == '_')
+	        dst += g_unichar_to_utf8 ('_', dst);
+	    }
+	  }
 	}
 
 	*dst = '\0';
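Review bot: Database URLs are recognised here by a `mysql://` / `postgres://` prefix, while gnc_main_window_generate_title() in the same commit uses `num_colons != 4`; the two tests disagree. A password containing `:` gives five colons, so the title code would take the plain-filename branch and, where `G_DIR_SEPARATOR` is `/`, show everything after `//` unmasked, whereas this loop still masks it. Moving the detection and masking into one shared helper keyed on the scheme prefix would keep both displays consistent. Separately, replacing each character with one `*` and copying `:` through still shows the length of the user name and password; a fixed-width mask such as `****` would not. The buffer behind `dst` is allocated outside this hunk, so its size for the longer full-URL output could not be checked here.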


