summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorMadCamel <madcamel@gmail.com>2013-11-17 04:20:19 -0500
committerMadCamel <madcamel@gmail.com>2013-11-17 04:20:19 -0500
commit1e43bfe979ff9971778b8202c638dc580f45f572 (patch)
tree435cc9dda5a7a805b2513a9ed43e49c9d329c902 /src
parent131dbdbfd087c4144d02cd605318688ee850f027 (diff)
downloadtmwa-1e43bfe979ff9971778b8202c638dc580f45f572.tar.gz
tmwa-1e43bfe979ff9971778b8202c638dc580f45f572.tar.bz2
tmwa-1e43bfe979ff9971778b8202c638dc580f45f572.tar.xz
tmwa-1e43bfe979ff9971778b8202c638dc580f45f572.zip
tmwa-admin should no longer log passwords in cleartext
This is ugly. I'd rather X-out the password in the buffer while in the addaccount function and THEN log the buffer afterwards, but I can't figure out how to do that with all this weird string typing. I guess it's a "good thing" I can't even figure out how to mash memory outside of the local function?
Diffstat (limited to 'src')
-rw-r--r--src/admin/ladmin.cpp23
1 files changed, 21 insertions, 2 deletions
diff --git a/src/admin/ladmin.cpp b/src/admin/ladmin.cpp
index bdd6cf5..93002c6 100644
--- a/src/admin/ladmin.cpp
+++ b/src/admin/ladmin.cpp
@@ -1813,8 +1813,27 @@ void prompt(void)
}
else
{
- LADMIN_LOG("Command: '%s', parameters: '%s'\n",
- command, parameters);
+ // We don't want passwords in the log - Camel
+ if (command == "create" || command == "add" || command == "password") {
+ FString name, email_, password;
+ VString<1> sex_;
+
+ if (qsplit(parameters, &name, &sex_, &email_, &password))
+ LADMIN_LOG("Command: '%s', parameters: '%s %s %s ***'\n",
+ command, name, sex_, email_);
+ else if (qsplit(parameters, &name, &sex_, &password))
+ LADMIN_LOG("Command: '%s', parameters: '%s %s ***'\n",
+ command, name, sex_);
+ else if (qsplit(parameters, &name, &password))
+ LADMIN_LOG("Command: '%s', parameters: '%s ***'\n",
+ command, name);
+ else
+ LADMIN_LOG("Command: '%s' (invalid parameters)\n", command);
+ }
+ else {
+ LADMIN_LOG("Command: '%s', parameters: '%s'\n",
+ command, parameters);
+ }
}
// Analyse of the command