Mercurial > pidgin
changeset 26894:e4ab3d5362df
Only log requested HTTP URL's when PURPLE_UNSAFE_DEBUG is set and change MSN
to use PURPLE_UNSAFE_DEBUG instead of PURPLE_MSN_UNSAFE_DEBUG for consistency.
Not logging URL's will prevent potential password disclosure for the Yahoo
HTTP login method.
author | John Bailey <rekkanoryo@rekkanoryo.org> |
---|---|
date | Thu, 14 May 2009 02:12:40 +0000 |
parents | 37436c98201e |
children | 6ddb4932772a 0bce1b58e1fe |
files | libpurple/protocols/msn/soap.c libpurple/util.c |
diffstat | 2 files changed, 11 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/libpurple/protocols/msn/soap.c Wed May 13 18:42:52 2009 +0000 +++ b/libpurple/protocols/msn/soap.c Thu May 14 02:12:40 2009 +0000 @@ -80,7 +80,7 @@ conn->session = session; conn->host = g_strdup(host); conn->queue = g_queue_new(); - conn->unsafe_debug = g_getenv("PURPLE_MSN_UNSAFE_DEBUG") != NULL; + conn->unsafe_debug = g_getenv("PURPLE_UNSAFE_DEBUG") != NULL; return conn; }
--- a/libpurple/util.c Wed May 13 18:42:52 2009 +0000 +++ b/libpurple/util.c Thu May 14 02:12:40 2009 +0000 @@ -3920,7 +3920,10 @@ } } - purple_debug_misc("util", "Request: '%s'\n", gfud->request); + if(g_getenv("PURPLE_UNSAFE_DEBUG")) + purple_debug_misc("util", "Request: '%s'\n", gfud->request); + else + purple_debug_misc("util", "request constructed\n"); total_len = strlen(gfud->request); @@ -4023,9 +4026,12 @@ g_return_val_if_fail(url != NULL, NULL); g_return_val_if_fail(callback != NULL, NULL); - purple_debug_info("util", - "requested to fetch (%s), full=%d, user_agent=(%s), http11=%d\n", - url, full, user_agent?user_agent:"(null)", http11); + if(g_getenv("PURPLE_UNSAFE_DEBUG")) + purple_debug_info("util", + "requested to fetch (%s), full=%d, user_agent=(%s), http11=%d\n", + url, full, user_agent?user_agent:"(null)", http11); + else + purple_debug_info("util", "requesting to fetch a URL\n"); gfud = g_new0(PurpleUtilFetchUrlData, 1);