From f6b541b665a482f4b067a7a80baa0ee33f55d65d Mon Sep 17 00:00:00 2001 From: Ramiro Estrugo Date: Tue, 26 Jun 2001 01:21:07 +0000 Subject: [PATCH] =?UTF-8?q?=09Patch=20from=20Miguel=20Rodr=EDguez=20P=E9re?= =?UTF-8?q?z=20=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * libnautilus-private/nautilus-thumbnails.c (obfuscate_password): New function to look for a password in una uri and change it for 6 asterisks. (make_thumbnail_uri): Call obfuscate_passwd before generating the final uri. This prevents the password to be saved in cleartext in ~/.nautilus/thumbnails if the user accesses some remote server. --- ChangeLog | 12 ++++++++ libnautilus-private/nautilus-thumbnails.c | 35 +++++++++++++++++++++-- 2 files changed, 44 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5fc53cd81..3ced207ae 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,15 @@ +2001-06-25 Ramiro Estrugo + + Patch from Miguel Rodríguez Pérez + + * libnautilus-private/nautilus-thumbnails.c (obfuscate_password): + New function to look for a password in una uri and change it + for 6 asterisks. + (make_thumbnail_uri): Call obfuscate_passwd before generating the + final uri. + This prevents the password to be saved in cleartext in + ~/.nautilus/thumbnails if the user accesses some remote server. + 2001-06-25 Ramiro Estrugo * configure.in: diff --git a/libnautilus-private/nautilus-thumbnails.c b/libnautilus-private/nautilus-thumbnails.c index 12c0fafb3..4fccb3266 100644 --- a/libnautilus-private/nautilus-thumbnails.c +++ b/libnautilus-private/nautilus-thumbnails.c @@ -121,6 +121,33 @@ prefer_global_thumbnails_location (const char *image_uri) return !uri_is_local (image_uri); } +/* this functions looks for a password in a uri and changes it for 6 'x' */ + +static char * +obfuscate_password (const char *escaped_uri) +{ + const char *passwd_start, *passwd_end; + char *new_uri, *new_uri_temp; + + passwd_start = strchr (escaped_uri, ':'); + g_assert (passwd_start != NULL); + passwd_start = strchr (passwd_start + 1, ':'); /* The fisrt ':' is for the protocol */ + if (passwd_start == NULL) { /* There's no password */ + return g_strdup (escaped_uri); + } + passwd_end = strchr (passwd_start, '@'); + + /* This URL has no valid password */ + if (passwd_end == NULL || passwd_start == NULL || passwd_end <= passwd_start) { + return g_strdup (escaped_uri); + } else { + new_uri_temp = g_strndup (escaped_uri, passwd_start - escaped_uri); + new_uri = g_strdup_printf ("%s:xxxxxx%s", new_uri_temp, passwd_end); + g_free (new_uri_temp); + return new_uri; + } +} + /* utility routine that, given the uri of an image, constructs the uri to the corresponding thumbnail */ static char * @@ -148,11 +175,13 @@ make_thumbnail_uri (const char *image_uri, gboolean directory_only, gboolean use GnomeVFSResult result; GnomeVFSURI *thumbnail_directory_uri; - char *escaped_uri = gnome_vfs_escape_slashes (directory_name); - thumbnail_path = g_strdup_printf ("%s/.nautilus/thumbnails/%s", g_get_home_dir(), escaped_uri); + char *escaped_uri = gnome_vfs_escape_slashes (directory_name); + char *protected_uri = obfuscate_password (escaped_uri); + g_free (escaped_uri); + thumbnail_path = g_strdup_printf ("%s/.nautilus/thumbnails/%s", g_get_home_dir(), protected_uri); thumbnail_uri = gnome_vfs_get_uri_from_local_path (thumbnail_path); g_free (thumbnail_path); - g_free(escaped_uri); + g_free (protected_uri); /* we must create the directory if it doesn't exist */