Fixed: SVN errors lead to svn username/password being displayed to end users (#1368).

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1493 e93f8b46-1217-0410-a6f0-8f06a7374b81

Fixed: SVN errors lead to svn username/password being displayed to end users (#1368).
git-svn-id: http://redmine.rubyforge.org/svn/trunk@1493 e93f8b46-1217-0410-a6f0-8f06a7374b81
a5ee8f89 · Jean-Philippe Lang · cd824c6e · a5ee8f89
Commit a5ee8f89 authored Jun 06, 2008 by Jean-Philippe Lang
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 3 deletions

abstract_adapter.rb lib/redmine/scm/adapters/abstract_adapter.rb +14 -3

No files found.
--- a/lib/redmine/scm/adapters/abstract_adapter.rb
+++ b/lib/redmine/scm/adapters/abstract_adapter.rb
@@ -118,7 +118,7 @@ module Redmine
        def logger
          RAILS_DEFAULT_LOGGER
        end
-      
+        
        def shellout(cmd, &block)
          logger.debug "Shelling out: #{cmd}" if logger && logger.debug?
          begin
@@ -127,11 +127,22 @@ module Redmine
              block.call(io) if block_given?
            end
          rescue Errno::ENOENT => e
+            msg = strip_credential(e.message)
            # The command failed, log it and re-raise
-            logger.error("SCM command failed: #{cmd}\n  with: #{e.message}")
-            raise CommandFailed.new(e.message)
+            logger.error("SCM command failed: #{strip_credential(cmd)}\n  with: #{msg}")
+            raise CommandFailed.new(msg)
          end
        end  
+        
+        # Hides username/password in a given command
+        def self.hide_credential(cmd)
+          q = (RUBY_PLATFORM =~ /mswin/ ? '"' : "'")
+          cmd.to_s.gsub(/(\-\-(password|username))\s+(#{q}[^#{q}]+#{q}|[^#{q}]\S+)/, '\\1 xxxx')
+        end
+        
+        def strip_credential(cmd)
+          self.class.hide_credential(cmd)
+        end
      end
      
      class Entries < Array