diff options
author | Max Kellermann <max@duempel.org> | 2009-02-27 19:20:11 +0100 |
---|---|---|
committer | Max Kellermann <max@duempel.org> | 2009-02-27 19:20:11 +0100 |
commit | eae0287466020b5b5aee137fb4599136420f89a2 (patch) | |
tree | 23c1e1202a94e130f4c3ec006d1a4894939d6b92 | |
parent | 9dd00dfab7a7991c53d2f1dcff4cc2828abf7854 (diff) | |
download | mpd-eae0287466020b5b5aee137fb4599136420f89a2.tar.gz mpd-eae0287466020b5b5aee137fb4599136420f89a2.tar.xz mpd-eae0287466020b5b5aee137fb4599136420f89a2.zip |
song_print: hide HTTP password in playlist
Added the uri_remove_auth() library function which strips username
and password from a HTTP URI, and use it in song_print_url(). This
allows you to add HTTP URIs to the playlist including secret username
and password, without disclosing it to all MPD clients.
Diffstat (limited to '')
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | src/song_print.c | 12 | ||||
-rw-r--r-- | src/uri.c | 32 | ||||
-rw-r--r-- | src/uri.h | 9 |
4 files changed, 53 insertions, 1 deletions
@@ -2,6 +2,7 @@ ver 0.15 - (200?/??/??) * input: - parse Icy-Metadata - added support for the MMS protocol + - hide HTTP password in playlist * tags: - support the "album artist" tag - support MusicBrainz tags diff --git a/src/song_print.c b/src/song_print.c index 60e16f941..1b62f324e 100644 --- a/src/song_print.c +++ b/src/song_print.c @@ -22,6 +22,7 @@ #include "directory.h" #include "tag_print.h" #include "client.h" +#include "uri.h" void song_print_url(struct client *client, struct song *song) @@ -30,7 +31,16 @@ song_print_url(struct client *client, struct song *song) client_printf(client, "%s%s/%s\n", SONG_FILE, directory_get_path(song->parent), song->url); } else { - client_printf(client, "%s%s\n", SONG_FILE, song->url); + char *allocated; + const char *uri; + + uri = allocated = uri_remove_auth(song->url); + if (uri == NULL) + uri = song->url; + + client_printf(client, "%s%s\n", SONG_FILE, uri); + + g_free(allocated); } } @@ -35,3 +35,35 @@ uri_get_suffix(const char *uri) return dot != NULL ? dot + 1 : NULL; } + +char * +uri_remove_auth(const char *uri) +{ + const char *auth, *slash, *at; + char *p; + + if (strncmp(uri, "http://", 7) == 0) + auth = uri + 7; + else if (strncmp(uri, "https://", 8) == 0) + auth = uri + 8; + else + /* unrecognized URI */ + return NULL; + + slash = strchr(auth, '/'); + if (slash == NULL) + slash = auth + strlen(auth); + + at = memchr(auth, '@', slash - auth); + if (at == NULL) + /* no auth info present, do nothing */ + return NULL; + + /* duplicate the full URI and then delete the auth + information */ + p = g_strdup(uri); + memmove(p + (auth - uri), p + (at + 1 - uri), + strlen(at)); + + return p; +} @@ -30,4 +30,13 @@ bool uri_has_scheme(const char *uri); const char * uri_get_suffix(const char *uri); +/** + * Removes HTTP username and password from the URI. This may be + * useful for displaying an URI without disclosing secrets. Returns + * NULL if nothing needs to be removed, or if the URI is not + * recognized. + */ +char * +uri_remove_auth(const char *uri); + #endif |