Remove passwords and tokens from Log:: output.

This commit is contained in:
hiker 2014-03-05 10:34:28 +11:00
parent 02fa3ceed0
commit eba8fd1e45
2 changed files with 25 additions and 2 deletions

View File

@ -197,9 +197,27 @@ namespace Online
if(m_parameters.size()==0)
Log::info("HTTPRequest", "Downloading %s", m_url.c_str());
else
else if (Log::getLogLevel()<=Log::LL_INFO)
{
// Avoid printing the password or token, just replace them with *s
std::string param = m_parameters;
for (unsigned int j = 0; j < 2; j++)
{
std::string s = j == 0 ? "&password=" : "&token=";
std::size_t pos = param.find(s);
if (pos != std::string::npos)
{
pos += s.size();
while (pos < param.size() && param[pos] != '&')
{
param[pos] = '*';
pos++;
} // while not end
} // if string found
} // for j < 2
Log::info("HTTPRequest", "Sending %s to %s",
m_parameters.c_str(), m_url.c_str());
param.c_str(), m_url.c_str());
}
curl_easy_setopt(m_curl_session, CURLOPT_POSTFIELDS,
m_parameters.c_str());
std::string uagent( std::string("SuperTuxKart/") + STK_VERSION );

View File

@ -109,6 +109,11 @@ public:
m_min_log_level = (LogLevel)n;
} // setLogLevel
// ------------------------------------------------------------------------
/** Returns the log level. This is useful if some work is necessary to
* preprate output strings, which might not be used at all (example:
* replacing the cleartext password in an http request). */
static LogLevel getLogLevel() { return m_min_log_level; }
// ------------------------------------------------------------------------
/** Disable coloring of log messages. */
static void disableColor()