changeset 26894:e4ab3d5362df

Only log requested HTTP URL's when PURPLE_UNSAFE_DEBUG is set and change MSN to use PURPLE_UNSAFE_DEBUG instead of PURPLE_MSN_UNSAFE_DEBUG for consistency. Not logging URL's will prevent potential password disclosure for the Yahoo HTTP login method.
author John Bailey <rekkanoryo@rekkanoryo.org>
date Thu, 14 May 2009 02:12:40 +0000
parents 37436c98201e
children 6ddb4932772a 0bce1b58e1fe
files libpurple/protocols/msn/soap.c libpurple/util.c
diffstat 2 files changed, 11 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/libpurple/protocols/msn/soap.c	Wed May 13 18:42:52 2009 +0000
+++ b/libpurple/protocols/msn/soap.c	Thu May 14 02:12:40 2009 +0000
@@ -80,7 +80,7 @@
 	conn->session = session;
 	conn->host = g_strdup(host);
 	conn->queue = g_queue_new();
-	conn->unsafe_debug = g_getenv("PURPLE_MSN_UNSAFE_DEBUG") != NULL;
+	conn->unsafe_debug = g_getenv("PURPLE_UNSAFE_DEBUG") != NULL;
 	return conn;
 }
 
--- a/libpurple/util.c	Wed May 13 18:42:52 2009 +0000
+++ b/libpurple/util.c	Thu May 14 02:12:40 2009 +0000
@@ -3920,7 +3920,10 @@
 		}
 	}
 
-	purple_debug_misc("util", "Request: '%s'\n", gfud->request);
+	if(g_getenv("PURPLE_UNSAFE_DEBUG"))
+		purple_debug_misc("util", "Request: '%s'\n", gfud->request);
+	else
+		purple_debug_misc("util", "request constructed\n");
 
 	total_len = strlen(gfud->request);
 
@@ -4023,9 +4026,12 @@
 	g_return_val_if_fail(url      != NULL, NULL);
 	g_return_val_if_fail(callback != NULL, NULL);
 
-	purple_debug_info("util",
-			 "requested to fetch (%s), full=%d, user_agent=(%s), http11=%d\n",
-			 url, full, user_agent?user_agent:"(null)", http11);
+	if(g_getenv("PURPLE_UNSAFE_DEBUG"))
+		purple_debug_info("util",
+				 "requested to fetch (%s), full=%d, user_agent=(%s), http11=%d\n",
+				 url, full, user_agent?user_agent:"(null)", http11);
+	else
+		purple_debug_info("util", "requesting to fetch a URL\n");
 
 	gfud = g_new0(PurpleUtilFetchUrlData, 1);