Feature #881

- Passwords in URIs will now be obscured
   (affects the commands show, merge, pull and push)

src/Uri.cpp

@@ -199,12 +199,18 @@ std::string Uri::ToString ()
     return _data;
 
   std::string result;
-  // strip password from _user
-  std::string::size_type pos = _user.find (":");
   result = _protocol + "://";
 
-  if (_user.length () > 0)
+  if (_user.length () > 0) {
-    result += _user.substr (0, pos) + "@";
+    // obscure password in _user
+    std::string::size_type pos = _user.find (":");
+    if (pos != std::string::npos) {
+      std::string::size_type len = _user.length () - pos - 1;
+      result += _user.replace (pos+1, len, len, '*') + "@";
+    }
+    else
+      result += _user + "@";
+  }
   
   result += _host;
   

src/commands/CmdShow.cpp

@@ -38,6 +38,7 @@
 #include <Directory.h>
 #include <ViewText.h>
 #include <CmdShow.h>
+#include <Uri.h>
 
 extern Context context;
 
@@ -276,9 +277,20 @@ int CmdShow::execute (std::string& output)
       else if (std::find (default_values.begin (), default_values.end (), *i) != default_values.end ())
         color = warning;
 
+      std::string value = context.config.get (*i);
+      // hide sensible information
+      if ( (i->substr (0, 5) == "push."   ||
+            i->substr (0, 5) == "pull."   ||
+            i->substr (0, 6) == "merge.") && (i->find (".uri") != std::string::npos) ) {
+
+        Uri uri (value);
+        uri.parse ();
+        value = uri.ToString ();
+      }
+
       int row = view.addRow ();
       view.set (row, 0, *i, color);
-      view.set (row, 1, context.config.get (*i), color);
+      view.set (row, 1, value, color);
     }
   }