commit 0b82266882af331c692f174c77ab9c6906512b29
parent a3205de571f08e8f38b66406e36449cdfd136ee4
Author: Dan Stillman <dstillman@zotero.org>
Date: Tue, 26 Mar 2013 16:00:55 -0400
Don't show nsIChannel passwords in debug output
Diffstat:
2 files changed, 22 insertions(+), 0 deletions(-)
diff --git a/chrome/content/zotero/xpcom/http.js b/chrome/content/zotero/xpcom/http.js
@@ -13,6 +13,19 @@ Zotero.HTTP = new function() {
this.xmlhttp = xmlhttp;
this.status = xmlhttp.status;
this.message = msg;
+
+ // Hide password from debug output
+ //
+ // Password also shows up in channel.name (nsIRequest.name), but that's
+ // read-only and has to be handled in Zotero.varDump()
+ try {
+ if (xmlhttp.channel.URI.password) {
+ xmlhttp.channel.URI.password = "********";
+ }
+ }
+ catch (e) {
+ Zotero.debug(e, 1);
+ }
};
this.UnexpectedStatusException.prototype.toString = function() {
diff --git a/chrome/content/zotero/xpcom/utilities.js b/chrome/content/zotero/xpcom/utilities.js
@@ -1136,6 +1136,9 @@ Zotero.Utilities = {
}
if (typeof(arr) == 'object') { // Array/Hashes/Objects
+ let isRequest = ((Zotero.isFx && !Zotero.isBookmarklet) || Zotero.isStandalone)
+ && arr instanceof Components.interfaces.nsIRequest;
+
//array for checking recursion
//initialise at first itteration
if(!parentObjects) {
@@ -1145,6 +1148,12 @@ Zotero.Utilities = {
for (var item in arr) {
try {
+ // Don't display nsIRequest.name, which can contain password
+ if (isRequest && item == 'name') {
+ dumped_text += level_padding + "'" + item + "' => <<Skipped>>\n";
+ continue;
+ }
+
var value = arr[item];
} catch(e) {
dumped_text += level_padding + "'" + item + "' => <<Access Denied>>\n";
