tmwa-admin should no longer log passwords in cleartext

This is ugly. I'd rather X-out the password in the buffer while in the
addaccount function and THEN log the buffer afterwards, but I can't
figure out how to do that with all this weird string typing. I guess
it's a "good thing" I can't even figure out how to mash memory outside
of the local function?

1 files changed, 21 insertions, 2 deletions

diff --git a/src/admin/ladmin.cpp b/src/admin/ladmin.cpp
index bdd6cf5..93002c6 100644
--- a/src/admin/ladmin.cpp
+++ b/src/admin/ladmin.cpp
@@ -1813,8 +1813,27 @@ void prompt(void)
         }
         else
         {
-            LADMIN_LOG("Command: '%s', parameters: '%s'\n",
-                    command, parameters);
+            // We don't want passwords in the log - Camel
+            if (command == "create" || command == "add" || command == "password") {
+                FString name, email_, password;
+                VString<1> sex_;
+
+                if (qsplit(parameters, &name, &sex_, &email_, &password))
+                    LADMIN_LOG("Command: '%s', parameters: '%s %s %s ***'\n",
+                            command, name, sex_, email_);
+                else if (qsplit(parameters, &name, &sex_, &password))
+                    LADMIN_LOG("Command: '%s', parameters: '%s %s ***'\n",
+                            command, name, sex_);
+                else if (qsplit(parameters, &name, &password))
+                    LADMIN_LOG("Command: '%s', parameters: '%s ***'\n",
+                            command, name);
+                else
+                    LADMIN_LOG("Command: '%s' (invalid parameters)\n", command);
+            }
+            else {
+                LADMIN_LOG("Command: '%s', parameters: '%s'\n",
+                        command, parameters);
+            }
         }
 
         // Analyse of the command