From a5ee8f89866c81c400d36568b6d140b2c501d439 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Fri, 6 Jun 2008 14:37:49 +0000 Subject: Fixed: SVN errors lead to svn username/password being displayed to end users (#1368). git-svn-id: http://redmine.rubyforge.org/svn/trunk@1493 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- lib/redmine/scm/adapters/abstract_adapter.rb | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/redmine/scm/adapters/abstract_adapter.rb b/lib/redmine/scm/adapters/abstract_adapter.rb index 8fbae9ff8..9563ed800 100644 --- a/lib/redmine/scm/adapters/abstract_adapter.rb +++ b/lib/redmine/scm/adapters/abstract_adapter.rb @@ -118,7 +118,7 @@ module Redmine def logger RAILS_DEFAULT_LOGGER end - + def shellout(cmd, &block) logger.debug "Shelling out: #{cmd}" if logger && logger.debug? begin @@ -127,11 +127,22 @@ module Redmine block.call(io) if block_given? end rescue Errno::ENOENT => e + msg = strip_credential(e.message) # The command failed, log it and re-raise - logger.error("SCM command failed: #{cmd}\n with: #{e.message}") - raise CommandFailed.new(e.message) + logger.error("SCM command failed: #{strip_credential(cmd)}\n with: #{msg}") + raise CommandFailed.new(msg) end end + + # Hides username/password in a given command + def self.hide_credential(cmd) + q = (RUBY_PLATFORM =~ /mswin/ ? '"' : "'") + cmd.to_s.gsub(/(\-\-(password|username))\s+(#{q}[^#{q}]+#{q}|[^#{q}]\S+)/, '\\1 xxxx') + end + + def strip_credential(cmd) + self.class.hide_credential(cmd) + end end class Entries < Array -- cgit v1.2.3