]> sjero.net Git - wget/blobdiff - src/url.c
projects / wget / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[svn] url.c (str_url): Henrik van Ginhoven pointed out on the list that we shouldn't
[wget] / src / url.c
diff --git a/src/url.c b/src/url.c
index cf3e2b231927dfd23e3ddb57a19828b319246189..747fb7be068bdf32f263459af1b7d3de7bdb4d71 100644 (file)
--- a/src/url.c
+++ b/src/url.c
@@ -688,11 +688,14 @@ str_url (const struct urlinfo *u, int hide)
     user = CLEANDUP (u->user);
   if (u->passwd)
     {
-      int j;
-      passwd = CLEANDUP (u->passwd);
       if (hide)
-       for (j = 0; passwd[j]; j++)
-         passwd[j] = 'x';
+       /* Don't output the password, or someone might see it over the user's
+          shoulder (or in saved wget output).  Don't give away the number of
+          characters in the password, either, as we did when we replaced the
+          password characters with 'x's. */
+       passwd = "<password>";
+      else
+       passwd = CLEANDUP (u->passwd);
     }
   if (u->proto == URLFTP && *dir == '/')
     {
GNU Wget (from http://git.savannah.gnu.org/cgit/wget.git). Modified to allow selection of TCP source port. Clone using: git clone http://sjero.net/src/wget/ wget