[X2Go-Commits] [x2goclient] 01/01: Do not show password in debug output of HTTP broker.
git-admin at x2go.org
git-admin at x2go.org
Tue Sep 3 09:32:28 CEST 2019
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch master
in repository x2goclient.
commit eb719be4f83a94653c8ffaa351ffe6c541d48a4d
Author: Oleksandr Shneyder <o.shneyder at phoca-gmbh.de>
Date: Tue Sep 3 09:32:01 2019 +0200
Do not show password in debug output of HTTP broker.
---
debian/changelog | 1 +
src/httpbrokerclient.cpp | 32 +++++++++++++++++++++++++++-----
src/httpbrokerclient.h | 1 +
3 files changed, 29 insertions(+), 5 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 13511dc..cd51a3e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -34,6 +34,7 @@ x2goclient (4.1.2.2-0x2go1) UNRELEASED; urgency=medium
- Broker can send to client the number of suspended and running sessions for each session type.
Client will display this information to user on session button.
- update copyright years in about dialog.
+ - Do not show password in debug output of HTTP broker.
[ Mihai Moldovan ]
* New upstream version (4.1.2.2):
diff --git a/src/httpbrokerclient.cpp b/src/httpbrokerclient.cpp
index 07986fc..d264c11 100644
--- a/src/httpbrokerclient.cpp
+++ b/src/httpbrokerclient.cpp
@@ -291,7 +291,7 @@ void HttpBrokerClient::getUserSessions()
"password="<<QUrl::toPercentEncoding(config->brokerPass)<<"&"<<
"authid="<<nextAuthId;
- x2goDebug << "sending request: "<< req.toUtf8();
+ x2goDebug << "sending request: "<< scramblePwd(req.toUtf8());
QNetworkRequest request(QUrl(config->brokerurl));
request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
sessionsRequest=http->post (request, req.toUtf8() );
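Review bot: The new debug line passes `req.toUtf8()` to `scramblePwd`, which takes a `const QString&`, so the request is encoded to a QByteArray and then implicitly converted back to a QString only for logging. That implicit conversion is unavailable in builds that define `QT_NO_CAST_FROM_ASCII`, and the round trip adds nothing; `x2goDebug << "sending request: " << scramblePwd(req);` masks the same text. The same call shape is used in the selectUserSession, sendEvent, changePassword and testConnection hunks. getUserSessions begins and ends outside this hunk.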
@@ -333,7 +333,7 @@ void HttpBrokerClient::selectUserSession(const QString& session, const QString&
{
QTextStream ( &req ) <<"&login="<<QUrl::toPercentEncoding(loginName);
}
- x2goDebug << "Sending request: "<< req.toUtf8();
+ x2goDebug << "sending request: "<< scramblePwd(req.toUtf8());
QNetworkRequest request(QUrl(config->brokerurl));
request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
selSessRequest=http->post (request, req.toUtf8() );
@@ -381,7 +381,7 @@ void HttpBrokerClient::sendEvent(const QString& ev, const QString& id, const QSt
"start="<<QUrl::toPercentEncoding(start)<<"&"<<
"elapsed="<<QString::number(connectionTime)<<"&"<<
"authid="<<nextAuthId;
- x2goDebug << "Sending request: "<< req.toUtf8();
+ x2goDebug << "sending request: "<< scramblePwd(req.toUtf8());
QNetworkRequest request(QUrl(config->brokerurl));
request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
eventRequest=http->post (request, req.toUtf8() );
@@ -447,7 +447,7 @@ void HttpBrokerClient::changePassword(QString newPass)
"user="<<QUrl::toPercentEncoding(brokerUser)<<"&"<<
"password="<<QUrl::toPercentEncoding(config->brokerPass)<<"&"<<
"authid="<<nextAuthId;
- x2goDebug << "Sending request: "<< req.toUtf8();
+ x2goDebug << "sending request: "<< scramblePwd(req.toUtf8());
QNetworkRequest request(QUrl(config->brokerurl));
request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
chPassRequest=http->post (request, req.toUtf8() );
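Review bot: In changePassword the masking probably covers only the current password, because `scramblePwd` blanks the value of the first `password=` field and nothing else. The `newPass` argument is presumably written into the request under a different key above this hunk (those lines are not shown), in which case the new password still reaches the debug log in percent-encoded form. Either mask that field as well, or log a fixed message for this request, e.g. `x2goDebug << "sending password change request";`.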
@@ -472,7 +472,7 @@ void HttpBrokerClient::testConnection()
QString req;
QTextStream ( &req ) <<
"task=testcon";
- x2goDebug << "Sending request: "<< req.toUtf8();
+ x2goDebug << "sending request: "<< scramblePwd(req.toUtf8());
QNetworkRequest request(QUrl(config->brokerurl));
request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
testConRequest=http->post (request, req.toUtf8() );
@@ -875,3 +875,25 @@ void HttpBrokerClient::slotSshIoErr(SshProcess* caller, QString error, QString l
}
createSshConnection();
}
+
+QString HttpBrokerClient::scramblePwd(const QString& req)
+{
+ QString scrambled=req;
+ int startPos=scrambled.indexOf("password=");
+ if(startPos!=-1)
+ {
+ startPos+=9;
+ int endPos=scrambled.indexOf("&",startPos);
+ int plength;
+ if(endPos==-1)
+ {
+ plength=scrambled.length()-startPos;
+ }
+ else
+ {
+ plength=endPos-startPos;
+ }
+ scrambled.replace(startPos,plength,'*');
+ }
+ return scrambled;
+}
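Review bot: `scramblePwd` masks only the first `password=` it finds and matches it anywhere in the string, so a second secret-bearing field, or a longer key that merely ends in `password=`, is handled wrongly; the offset `9` is also a hand-counted copy of the key length. Splitting the request on `&` and replacing the value of every field that starts with the key removes both problems and keeps the single `*` replacement. The function reads no member state, so its declaration in httpbrokerclient.h could be `static`. The `authid=` value that the callers append is still logged; if it serves as a session credential it likely deserves the same masking.

```cpp
QString HttpBrokerClient::scramblePwd(const QString& req)
{
    // A key only counts at the start of a field, i.e. at the start of the
    // request or directly after '&'; every matching field is masked.
    const QString key("password=");
    QStringList fields=req.split('&');
    for(int i=0;i<fields.size();++i)
    {
        if(fields[i].startsWith(key))
        {
            fields[i]=key+'*';
        }
    }
    return fields.join("&");
}
```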
diff --git a/src/httpbrokerclient.h b/src/httpbrokerclient.h
index d01c734..9f8b07f 100644
--- a/src/httpbrokerclient.h
+++ b/src/httpbrokerclient.h
@@ -71,6 +71,7 @@ private:
void parseSession(QString sInfo);
void createSshConnection();
bool checkAccess(QString answer);
+ QString scramblePwd(const QString& req);
private slots:
void slotRequestFinished ( QNetworkReply* reply );
--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git