diff --git a/src/ChangeLog b/src/ChangeLog index ecf404b10..224a03413 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,31 @@ +2004-11-03 Jindrich Novy + + * subshell.c (do_subshell_chdir): Filter out a possible password from + warning dialog. + + * command.c (do_cd_command): Likewise. + + * screen.c (panel_callback): Likewise. + + * util.c (path_trunc): Add function. path_trunc() is the same as + name_trunc(), but it deletes possible password from path for security + reasons. + + * util.h: Add functions path_trunc(). + + * filegui.c (file_progress_show_target): Filter out a possible password + from dialog. + (file_progress_show_deleting): Likewise. + (file_mask_dialog): Likewise. + + * file.c (move_file_file): Likewise. + (move_dir_dir): Likewise. + (file_error): Likewise. + (files_error): Likewise. + (real_query_recursive): Likewise. + + * hotlist.c (add2hotlist): Typo fix. + 2004-11-02 Pavel Tsekov * dialog.c (do_select_widget): Walk the whole widgets list looking diff --git a/src/command.c b/src/command.c index fe2245bc9..f3b19b453 100644 --- a/src/command.c +++ b/src/command.c @@ -179,8 +179,10 @@ void do_cd_command (char *cmd) } } else if (!examine_cd (&cmd [3])) { + char *d = strip_password (g_strdup (&cmd [3]), 1); message (1, MSG_ERROR, _(" Cannot chdir to \"%s\" \n %s "), - &cmd [3], unix_error_string (errno)); + d, unix_error_string (errno)); + g_free (d); return; } } diff --git a/src/file.c b/src/file.c index cf59957e1..0e0391952 100644 --- a/src/file.c +++ b/src/file.c @@ -1111,8 +1111,8 @@ move_file_file (FileOpContext *ctx, const char *s, const char *d, msize = 40; msize /= 2; - strcpy (st, name_trunc (s, msize)); - strcpy (dt, name_trunc (d, msize)); + strcpy (st, path_trunc (s, msize)); + strcpy (dt, path_trunc (d, msize)); message (1, MSG_ERROR, _(" `%s' and `%s' are the same file "), st, dt); do_refresh (); @@ -1229,8 +1229,8 @@ move_dir_dir (FileOpContext *ctx, const char *s, const char *d, msize = 40; msize /= 2; - strcpy (st, name_trunc (s, msize)); - strcpy (dt, name_trunc (d, msize)); + strcpy (st, path_trunc (s, msize)); + strcpy (dt, path_trunc (d, msize)); message (1, MSG_ERROR, _(" `%s' and `%s' are the same directory "), st, dt); do_refresh (); @@ -2157,7 +2157,7 @@ int file_error (const char *format, const char *file) { g_snprintf (cmd_buf, sizeof (cmd_buf), format, - name_trunc (file, 30), unix_error_string (errno)); + path_trunc (file, 30), unix_error_string (errno)); return do_file_error (cmd_buf); } @@ -2169,8 +2169,8 @@ files_error (const char *format, const char *file1, const char *file2) char nfile1[16]; char nfile2[16]; - strcpy (nfile1, name_trunc (file1, 15)); - strcpy (nfile2, name_trunc (file2, 15)); + strcpy (nfile1, path_trunc (file1, 15)); + strcpy (nfile2, path_trunc (file2, 15)); g_snprintf (cmd_buf, sizeof (cmd_buf), format, nfile1, nfile2, unix_error_string (errno)); @@ -2191,7 +2191,7 @@ real_query_recursive (FileOpContext *ctx, enum OperationMode mode, const char *s " Delete it recursively? ") : _("\n Background process: Directory not empty \n" " Delete it recursively? "); - text = g_strconcat (_(" Delete: "), name_trunc (s, 30), " ", (char *) NULL); + text = g_strconcat (_(" Delete: "), path_trunc (s, 30), " ", (char *) NULL); if (safe_delete) query_set_sel (1); diff --git a/src/filegui.c b/src/filegui.c index c6078966b..3b188fa60 100644 --- a/src/filegui.c +++ b/src/filegui.c @@ -68,6 +68,7 @@ #include "fileopctx.h" /* FILE_CONT */ #include "filegui.h" #include "key.h" /* get_event */ +#include "util.h" /* strip_password() */ /* }}} */ @@ -423,7 +424,8 @@ file_progress_show_bytes (FileOpContext *ctx, double done, double total) /* }}} */ -#define truncFileString(ui, s) name_trunc (s, ui->eta_extra + 47) +#define truncFileString(ui, s) name_trunc (s, ui->eta_extra + 47) +#define truncFileStringSecure(ui, s) path_trunc (s, ui->eta_extra + 47) FileProgressStatus file_progress_show_source (FileOpContext *ctx, const char *s) @@ -472,7 +474,7 @@ file_progress_show_target (FileOpContext *ctx, const char *s) if (s != NULL) { label_set_text (ui->file_label[1], _("Target")); - label_set_text (ui->file_string[1], truncFileString (ui, s)); + label_set_text (ui->file_string[1], truncFileStringSecure (ui, s)); return check_progress_buttons (ctx); } else { label_set_text (ui->file_label[1], ""); @@ -494,7 +496,7 @@ file_progress_show_deleting (FileOpContext *ctx, const char *s) ui = ctx->ui; label_set_text (ui->file_label[0], _("Deleting")); - label_set_text (ui->file_label[0], truncFileString (ui, s)); + label_set_text (ui->file_label[0], truncFileStringSecure (ui, s)); return check_progress_buttons (ctx); } @@ -854,6 +856,7 @@ file_mask_dialog (FileOpContext *ctx, FileOperation operation, const char *text, int source_easy_patterns = easy_patterns; char *source_mask, *orig_mask, *dest_dir, *tmpdest; const char *error; + char *def_text_secure; struct stat buf; int val; QuickDialog Quick_input; @@ -872,6 +875,9 @@ file_mask_dialog (FileOpContext *ctx, FileOperation operation, const char *text, fmd_widgets[FMCB22].result = &ctx->stable_symlinks; fmd_widgets[FMCB21].result = &ctx->dive_into_subdirs; + /* filter out a possible password from def_text */ + def_text_secure = strip_password (g_strdup (def_text), 1); + /* Create the dialog */ ctx->stable_symlinks = 0; @@ -885,7 +891,7 @@ file_mask_dialog (FileOpContext *ctx, FileOperation operation, const char *text, Quick_input.i18n = 1; Quick_input.widgets = fmd_widgets; fmd_widgets[FMDI0].text = text; - fmd_widgets[FMDI2].text = def_text; + fmd_widgets[FMDI2].text = def_text_secure; fmd_widgets[FMDI2].str_result = &dest_dir; fmd_widgets[FMDI1].str_result = &source_mask; diff --git a/src/hotlist.c b/src/hotlist.c index 29ea8893c..0a1952b48 100644 --- a/src/hotlist.c +++ b/src/hotlist.c @@ -761,7 +761,7 @@ add2hotlist (char *label, char *directory, enum HotListType type, int pos) /* should be inserted before first item */ new->next = current; current_group->head = new; - } else if (pos == 1) { /* befor current */ + } else if (pos == 1) { /* before current */ struct hotlist *p = current_group->head; while (p->next != current) diff --git a/src/screen.c b/src/screen.c index c5a8565f4..0fdc91470 100644 --- a/src/screen.c +++ b/src/screen.c @@ -2182,8 +2182,10 @@ panel_callback (WPanel *panel, widget_msg_t msg, int parm) current_panel = panel; panel->active = 1; if (mc_chdir (panel->cwd) != 0) { + char *cwd = strip_password (g_strdup (panel->cwd), 1); message (1, MSG_ERROR, _(" Cannot chdir to \"%s\" \n %s "), - panel->cwd, unix_error_string (errno)); + cwd, unix_error_string (errno)); + g_free(cwd); } else subshell_chdir (panel->cwd); diff --git a/src/subshell.c b/src/subshell.c index 241084a1b..88c016615 100644 --- a/src/subshell.c +++ b/src/subshell.c @@ -788,9 +788,12 @@ do_subshell_chdir (const char *directory, int do_update, int reset_prompt) feed_subshell (QUIETLY, FALSE); if (subshell_alive && strcmp (subshell_cwd, current_panel->cwd) - && strcmp (current_panel->cwd, ".")) + && strcmp (current_panel->cwd, ".")) { + char *cwd = strip_password (g_strdup (current_panel->cwd), 1); fprintf (stderr, _("Warning: Cannot change to %s.\n"), - current_panel->cwd); + cwd); + g_free (cwd); + } if (reset_prompt) prompt_pos = 0; diff --git a/src/util.c b/src/util.c index 83317aeac..245dde5ed 100644 --- a/src/util.c +++ b/src/util.c @@ -244,6 +244,22 @@ name_trunc (const char *txt, int trunc_len) return x; } +/* + * path_trunc() is the same as name_trunc() above but + * it deletes possible password from path for security + * reasons. + */ +const char * +path_trunc (const char *path, int trunc_len) { + const char *ret; + char *secure_path = strip_password (g_strdup (path), 1); + + ret = name_trunc (secure_path, trunc_len); + g_free (secure_path); + + return ret; +} + const char *size_trunc (double size) { static char x [BUF_TINY]; diff --git a/src/util.h b/src/util.h index 03a3a76ab..2c58fbb2b 100644 --- a/src/util.h +++ b/src/util.h @@ -28,6 +28,11 @@ char *fake_name_quote (const char *c, int quote_percent); * Return static buffer, no need to free() it. */ const char *name_trunc (const char *txt, int trunc_len); +/* path_trunc() is the same as name_trunc() above but + * it deletes possible password from path for security + * reasons. */ +const char *path_trunc (const char *path, int trunc_len); + /* return a static string representing size, appending "K" or "M" for * big sizes. * NOTE: uses the same static buffer as size_trunc_sep. */