# HG changeset patch
# User Paul Aurich <paul@darkrain42.org>
# Date 1230830874 0
# Node ID 3a4070656d611ead80a5e631dd3c239f6abaa71a
# Parent  c260fe3ac5c8aed3269d5504e4f485c5e1101d2e
Don't log passwords for XMPP when using SASL PLAIN or old-style IQ Auth so
that debug logs are clean.  This doesn't affect DIGEST-MD5.  Fixes #7836.

committer: John Bailey <rekkanoryo@rekkanoryo.org>

diff -r c260fe3ac5c8 -r 3a4070656d61 libpurple/protocols/jabber/jabber.c
--- a/libpurple/protocols/jabber/jabber.c	Thu Jan 01 17:03:44 2009 +0000
+++ b/libpurple/protocols/jabber/jabber.c	Thu Jan 01 17:27:54 2009 +0000
@@ -351,9 +351,33 @@
 {
 
 	/* because printing a tab to debug every minute gets old */
-	if(strcmp(data, "\t"))
-		purple_debug(PURPLE_DEBUG_MISC, "jabber", "Sending%s: %s\n",
-				js->gsc ? " (ssl)" : "", data);
+	if(strcmp(data, "\t")) {
+		char *text = NULL, *last_part = NULL, *tag_start = NULL;
+
+		/* Because debug logs with plaintext passwords make me sad */
+		if(js->state != JABBER_STREAM_CONNECTED &&
+				/* Either <auth> or <query><password>... */
+				(((tag_start = strstr(data, "<auth ")) &&
+					strstr(data, "xmlns='urn:ietf:params:xml:ns:xmpp-sasl'")) ||
+				((tag_start = strstr(data, "<query ")) &&
+					strstr(data, "xmlns='jabber:iq:auth'>") &&
+					(tag_start = strstr(tag_start, "<password>"))))) {
+			char *data_start, *tag_end = strchr(tag_start, '>');
+			text = g_strdup(data);
+
+			data_start = text + (tag_end - data) + 1;
+
+			last_part = strchr(data_start, '<');
+			*data_start = '\0';
+		}
+
+		purple_debug(PURPLE_DEBUG_MISC, "jabber", "Sending%s: %s%s%s\n",
+				js->gsc ? " (ssl)" : "", text ? text : data,
+				last_part ? "password removed" : "",
+				last_part ? last_part : "");
+
+		g_free(text);
+	}
 
 	/* If we've got a security layer, we need to encode the data,
 	 * splitting it on the maximum buffer length negotiated */