This is an automated email from the git hooks/post-receive script. x2go pushed a change to branch master in repository x2goclient. from 2a1ad93 update copyright years in about dialog. new eb719be Do not show password in debug output of HTTP broker. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Summary of changes: debian/changelog | 1 + src/httpbrokerclient.cpp | 32 +++++++++++++++++++++++++++----- src/httpbrokerclient.h | 1 + 3 files changed, 29 insertions(+), 5 deletions(-) -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2goclient. commit eb719be4f83a94653c8ffaa351ffe6c541d48a4d Author: Oleksandr Shneyder <o.shneyder@phoca-gmbh.de> Date: Tue Sep 3 09:32:01 2019 +0200 Do not show password in debug output of HTTP broker. --- debian/changelog | 1 + src/httpbrokerclient.cpp | 32 +++++++++++++++++++++++++++----- src/httpbrokerclient.h | 1 + 3 files changed, 29 insertions(+), 5 deletions(-) diff --git a/debian/changelog b/debian/changelog index 13511dc..cd51a3e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -34,6 +34,7 @@ x2goclient (4.1.2.2-0x2go1) UNRELEASED; urgency=medium - Broker can send to client the number of suspended and running sessions for each session type. Client will display this information to user on session button. - update copyright years in about dialog. + - Do not show password in debug output of HTTP broker. [ Mihai Moldovan ] * New upstream version (4.1.2.2): diff --git a/src/httpbrokerclient.cpp b/src/httpbrokerclient.cpp index 07986fc..d264c11 100644 --- a/src/httpbrokerclient.cpp +++ b/src/httpbrokerclient.cpp @@ -291,7 +291,7 @@ void HttpBrokerClient::getUserSessions() "password="<<QUrl::toPercentEncoding(config->brokerPass)<<"&"<< "authid="<<nextAuthId; - x2goDebug << "sending request: "<< req.toUtf8(); + x2goDebug << "sending request: "<< scramblePwd(req.toUtf8()); QNetworkRequest request(QUrl(config->brokerurl)); request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded"); sessionsRequest=http->post (request, req.toUtf8() ); 
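Review bot: `scramblePwd(req.toUtf8())` in the getUserSessions hunk encodes the QString to a QByteArray only for the argument to be converted straight back, because the helper takes `const QString&`. That relies on the implicit QByteArray-to-QString constructor, which a build with `QT_NO_CAST_FROM_ASCII` rejects. Passing the string directly does the same job: `x2goDebug << "sending request: "<< scramblePwd(req);`. The same call shape is repeated in the selectUserSession, sendEvent, changePassword and testConnection hunks; each enclosing function starts and ends outside its hunk.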
@@ -333,7 +333,7 @@ void HttpBrokerClient::selectUserSession(const QString& session, const QString& { QTextStream ( &req ) <<"&login="<<QUrl::toPercentEncoding(loginName); } - x2goDebug << "Sending request: "<< req.toUtf8(); + x2goDebug << "sending request: "<< scramblePwd(req.toUtf8()); QNetworkRequest request(QUrl(config->brokerurl)); request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded"); selSessRequest=http->post (request, req.toUtf8() ); @@ -381,7 +381,7 @@ void HttpBrokerClient::sendEvent(const QString& ev, const QString& id, const QSt "start="<<QUrl::toPercentEncoding(start)<<"&"<< "elapsed="<<QString::number(connectionTime)<<"&"<< "authid="<<nextAuthId; - x2goDebug << "Sending request: "<< req.toUtf8(); + x2goDebug << "sending request: "<< scramblePwd(req.toUtf8()); QNetworkRequest request(QUrl(config->brokerurl)); request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded"); eventRequest=http->post (request, req.toUtf8() ); @@ -447,7 +447,7 @@ void HttpBrokerClient::changePassword(QString newPass) "user="<<QUrl::toPercentEncoding(brokerUser)<<"&"<< "password="<<QUrl::toPercentEncoding(config->brokerPass)<<"&"<< "authid="<<nextAuthId; - x2goDebug << "Sending request: "<< req.toUtf8(); + x2goDebug << "sending request: "<< scramblePwd(req.toUtf8()); QNetworkRequest request(QUrl(config->brokerurl)); request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded"); chPassRequest=http->post (request, req.toUtf8() ); @@ -472,7 +472,7 @@ void HttpBrokerClient::testConnection() QString req; QTextStream ( &req ) << "task=testcon"; - x2goDebug << "Sending request: "<< req.toUtf8(); + x2goDebug << "sending request: "<< scramblePwd(req.toUtf8()); QNetworkRequest request(QUrl(config->brokerurl)); request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded"); testConRequest=http->post (request, req.toUtf8() ); 
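Review bot: In the changePassword hunk the request presumably carries `newPass` as well as `config->brokerPass`, and `scramblePwd()` masks only the first field whose key ends in `password=`, so one of the two passwords most likely still reaches the debug log. The line that appends `newPass` is outside the hunk, so the key it uses cannot be checked here. Until the helper covers every secret-bearing field, this call site is safer not logging the body at all: `x2goDebug << "sending password change request (body not logged)";`.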
@@ -875,3 +875,25 @@ void HttpBrokerClient::slotSshIoErr(SshProcess* caller, QString error, QString l
 }
 createSshConnection();
 }
+
+QString HttpBrokerClient::scramblePwd(const QString& req)
+{
+ QString scrambled=req;
+ int startPos=scrambled.indexOf("password=");
+ if(startPos!=-1)
+ {
+ startPos+=9;
+ int endPos=scrambled.indexOf("&",startPos);
+ int plength;
+ if(endPos==-1)
+ {
+ plength=scrambled.length()-startPos;
+ }
+ else
+ {
+ plength=endPos-startPos;
+ }
+ scrambled.replace(startPos,plength,'*');
+ }
+ return scrambled;
+}
diff --git a/src/httpbrokerclient.h b/src/httpbrokerclient.h
index d01c734..9f8b07f 100644
--- a/src/httpbrokerclient.h
+++ b/src/httpbrokerclient.h
@@ -71,6 +71,7 @@ private:
 void parseSession(QString sInfo);
 void createSshConnection();
 bool checkAccess(QString answer);
+ QString scramblePwd(const QString& req);
 private slots:
 void slotRequestFinished ( QNetworkReply* reply );
-- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git
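Review bot: scramblePwd() redacts only the first `password=` field, found with a hard-coded key and the literal offset `9`, so any second password field and every other secret in the body is logged unchanged. The `authid=` value visible in the getUserSessions, sendEvent and changePassword hunks is one such value, if it is the authentication token it appears to be. A redaction helper is easier to trust when it walks a list of keys, masks every occurrence, and takes the offset from the key itself. The sketch below keeps the signature and the single-`*` replacement and adds `authid=` to the list; drop that entry if the token is deliberately kept for debugging.

```cpp
QString HttpBrokerClient::scramblePwd(const QString& req)
{
    // Fields whose values must not reach the debug log.
    static const char* const secretKeys[] = { "password=", "authid=" };
    QString scrambled=req;
    for(size_t k=0; k<sizeof(secretKeys)/sizeof(secretKeys[0]); ++k)
    {
        const QString key=QString::fromLatin1(secretKeys[k]);
        int startPos=scrambled.indexOf(key);
        while(startPos!=-1)
        {
            // Offset comes from the key, so the two cannot drift apart.
            startPos+=key.length();
            int endPos=scrambled.indexOf('&',startPos);
            if(endPos==-1)
            {
                endPos=scrambled.length();
            }
            scrambled.replace(startPos,endPos-startPos,'*');
            startPos=scrambled.indexOf(key,startPos);
        }
    }
    return scrambled;
}
```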
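Review bot: `scramblePwd` is declared as an ordinary private member, yet the definition added in httpbrokerclient.cpp reads no member state, so it can be `static`: `static QString scramblePwd(const QString& req);`. A one-line comment above the declaration, such as `// Returns a copy of req with the password value masked; for log output only.`, would make clear that the string actually posted to the broker is not altered.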