Fixed: SVN errors lead to svn username/password being displayed to end users (#1368).

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1493 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2008-06-06 14:37:49 +00:00
parent cd824c6ecf
commit a5ee8f8986
1 changed files with 14 additions and 3 deletions

View File

@ -118,7 +118,7 @@ module Redmine
def logger
RAILS_DEFAULT_LOGGER
end
def shellout(cmd, &block)
logger.debug "Shelling out: #{cmd}" if logger && logger.debug?
begin
@ -127,11 +127,22 @@ module Redmine
block.call(io) if block_given?
end
rescue Errno::ENOENT => e
msg = strip_credential(e.message)
# The command failed, log it and re-raise
logger.error("SCM command failed: #{cmd}\n with: #{e.message}")
raise CommandFailed.new(e.message)
logger.error("SCM command failed: #{strip_credential(cmd)}\n with: #{msg}")
raise CommandFailed.new(msg)
end
end
# Hides username/password in a given command
def self.hide_credential(cmd)
q = (RUBY_PLATFORM =~ /mswin/ ? '"' : "'")
cmd.to_s.gsub(/(\-\-(password|username))\s+(#{q}[^#{q}]+#{q}|[^#{q}]\S+)/, '\\1 xxxx')
end
def strip_credential(cmd)
self.class.hide_credential(cmd)
end
end
class Entries < Array