aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMax Kellermann <max@duempel.org>2009-02-27 19:20:11 +0100
committerMax Kellermann <max@duempel.org>2009-02-27 19:20:11 +0100
commiteae0287466020b5b5aee137fb4599136420f89a2 (patch)
tree23c1e1202a94e130f4c3ec006d1a4894939d6b92
parent9dd00dfab7a7991c53d2f1dcff4cc2828abf7854 (diff)
downloadmpd-eae0287466020b5b5aee137fb4599136420f89a2.tar.gz
mpd-eae0287466020b5b5aee137fb4599136420f89a2.tar.xz
mpd-eae0287466020b5b5aee137fb4599136420f89a2.zip
song_print: hide HTTP password in playlist
Added the uri_remove_auth() library function which strips username and password from a HTTP URI, and use it in song_print_url(). This allows you to add HTTP URIs to the playlist including secret username and password, without disclosing it to all MPD clients.
Diffstat (limited to '')
-rw-r--r--NEWS1
-rw-r--r--src/song_print.c12
-rw-r--r--src/uri.c32
-rw-r--r--src/uri.h9
4 files changed, 53 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 322a32855..7bdae31e4 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,7 @@ ver 0.15 - (200?/??/??)
* input:
- parse Icy-Metadata
- added support for the MMS protocol
+ - hide HTTP password in playlist
* tags:
- support the "album artist" tag
- support MusicBrainz tags
diff --git a/src/song_print.c b/src/song_print.c
index 60e16f941..1b62f324e 100644
--- a/src/song_print.c
+++ b/src/song_print.c
@@ -22,6 +22,7 @@
#include "directory.h"
#include "tag_print.h"
#include "client.h"
+#include "uri.h"
void
song_print_url(struct client *client, struct song *song)
@@ -30,7 +31,16 @@ song_print_url(struct client *client, struct song *song)
client_printf(client, "%s%s/%s\n", SONG_FILE,
directory_get_path(song->parent), song->url);
} else {
- client_printf(client, "%s%s\n", SONG_FILE, song->url);
+ char *allocated;
+ const char *uri;
+
+ uri = allocated = uri_remove_auth(song->url);
+ if (uri == NULL)
+ uri = song->url;
+
+ client_printf(client, "%s%s\n", SONG_FILE, uri);
+
+ g_free(allocated);
}
}
diff --git a/src/uri.c b/src/uri.c
index 6a6ddf82f..8c5ec4dcb 100644
--- a/src/uri.c
+++ b/src/uri.c
@@ -35,3 +35,35 @@ uri_get_suffix(const char *uri)
return dot != NULL ? dot + 1 : NULL;
}
+
+char *
+uri_remove_auth(const char *uri)
+{
+ const char *auth, *slash, *at;
+ char *p;
+
+ if (strncmp(uri, "http://", 7) == 0)
+ auth = uri + 7;
+ else if (strncmp(uri, "https://", 8) == 0)
+ auth = uri + 8;
+ else
+ /* unrecognized URI */
+ return NULL;
+
+ slash = strchr(auth, '/');
+ if (slash == NULL)
+ slash = auth + strlen(auth);
+
+ at = memchr(auth, '@', slash - auth);
+ if (at == NULL)
+ /* no auth info present, do nothing */
+ return NULL;
+
+ /* duplicate the full URI and then delete the auth
+ information */
+ p = g_strdup(uri);
+ memmove(p + (auth - uri), p + (at + 1 - uri),
+ strlen(at));
+
+ return p;
+}
diff --git a/src/uri.h b/src/uri.h
index 6a20e94a4..1189cb227 100644
--- a/src/uri.h
+++ b/src/uri.h
@@ -30,4 +30,13 @@ bool uri_has_scheme(const char *uri);
const char *
uri_get_suffix(const char *uri);
+/**
+ * Removes HTTP username and password from the URI. This may be
+ * useful for displaying an URI without disclosing secrets. Returns
+ * NULL if nothing needs to be removed, or if the URI is not
+ * recognized.
+ */
+char *
+uri_remove_auth(const char *uri);
+
#endif