[svn] Fix for bug #20296: User:pass@ given in Referer header.

ChangeLog

@@ -1,6 +1,7 @@
 2007-07-29  Micah Cowan  <micah@cowan.name>
 
-	* NEWS: No more auth before challenge.
+	* NEWS: No more auth before challenge. No more auth info in
+	Referer.
 
 2007-07-09  Micah Cowan  <micah@cowan.name>
 

NEWS

@@ -7,6 +7,9 @@ Please send GNU Wget bug reports to <bug-wget@gnu.org>.
 
 * Changes in Wget 1.11.
 
+** Authentication information is no longer sent as part of the Referer
+header in recursive fetches.
+
 ** No authentication credentials are sent until a challenge is issued,
 for improved security. Authentication handling is still not
 RFC-compliant, as once a Basic challenge has been received, it will

src/ChangeLog

@@ -1,3 +1,12 @@
+2007-07-29  Micah Cowan  <micah@cowan.name>
+
+	* url.h, url.c (url_string): Replaced bool arg of the url_string
+	function with enum url_auth_mode, with added option to
+	completely remove user/pass auth information.
+	* http.c, ftp.c, url.c, recur.c: Adapted call to url_string
+	function to fit new usage.
+	* recur.c (retrieve_tree): Remove auth info from Referer header.
+
 2007-07-28  Micah Cowan  <micah@cowan.name>
 
 	* options.h, init.c, retr.c, main.c: renamed opt maxredirect

src/ftp.c

@@ -1153,7 +1153,7 @@ ftp_loop_internal (struct url *u, struct fileinfo *f, ccon *con)
       /* Print fetch message, if opt.verbose.  */
       if (opt.verbose)
 	{
-	  char *hurl = url_string (u, true);
+	  char *hurl = url_string (u, URL_AUTH_HIDE_PASSWD);
 	  char tmp[256];
 	  strcpy (tmp, "        ");
 	  if (count > 1)
@@ -1234,7 +1234,7 @@ ftp_loop_internal (struct url *u, struct fileinfo *f, ccon *con)
 	  /* Need to hide the password from the URL.  The `if' is here
              so that we don't do the needless allocation every
              time. */
-	  char *hurl = url_string (u, true);
+	  char *hurl = url_string (u, URL_AUTH_HIDE_PASSWD);
 	  logprintf (LOG_NONVERBOSE, "%s URL: %s [%s] -> \"%s\" [%d]\n",
 		     tms, hurl, number_to_static_string (len), locf, count);
 	  xfree (hurl);

src/http.c

@@ -2359,7 +2359,7 @@ Spider mode enabled. Check if remote file exists.\n"));
       /* Print fetch message, if opt.verbose.  */
       if (opt.verbose)
         {
-          char *hurl = url_string (u, true);
+          char *hurl = url_string (u, URL_AUTH_HIDE_PASSWD);
           
           if (count > 1) 
             {
@@ -2483,7 +2483,7 @@ Spider mode enabled. Check if remote file exists.\n"));
           if (!opt.verbose)
             {
               /* #### Ugly ugly ugly! */
-              hurl = url_string (u, true);
+              hurl = url_string (u, URL_AUTH_HIDE_PASSWD);
               logprintf (LOG_NONVERBOSE, "%s:\n", hurl);
             }
           /* Maybe we should always keep track of broken links, not just in
@@ -2492,7 +2492,7 @@ Spider mode enabled. Check if remote file exists.\n"));
             {
               /* #### Again: ugly ugly ugly! */
               if (!hurl) 
-                hurl = url_string (u, true);
+                hurl = url_string (u, URL_AUTH_HIDE_PASSWD);
               nonexisting_url (hurl);
               logprintf (LOG_NOTQUIET, _("\
 Remote file does not exist -- broken link!!!\n"));

src/recur.c

@@ -324,8 +324,14 @@ retrieve_tree (const char *start_url)
 	    {
 	      struct urlpos *child = children;
 	      struct url *url_parsed = url_parsed = url_parse (url, NULL);
+              char *referer_url = url;
+              bool strip_auth = url_parsed->user;
 	      assert (url_parsed != NULL);
 
+              /* Strip auth info if present */
+              if (strip_auth)
+                referer_url = url_string (url_parsed, URL_AUTH_HIDE);
+
 	      for (; child; child = child->next)
 		{
 		  if (child->ignore_when_downloading)
@@ -336,7 +342,7 @@ retrieve_tree (const char *start_url)
 					blacklist))
 		    {
 		      url_enqueue (queue, xstrdup (child->url->url),
-				   xstrdup (url), depth + 1,
+				   xstrdup (referer_url), depth + 1,
 				   child->link_expect_html);
 		      /* We blacklist the URL we have enqueued, because we
 			 don't want to enqueue (and hence download) the
@@ -345,6 +351,8 @@ retrieve_tree (const char *start_url)
 		    }
 		}
 
+              if (strip_auth)
+                xfree (referer_url);
 	      url_free (url_parsed);
 	      free_urlpos (children);
 	    }
@@ -428,7 +436,7 @@ download_child_p (const struct urlpos *upos, struct url *parent, int depth,
     {
       if (opt.spider) 
 	{
-          char *referrer = url_string (parent, true);
+          char *referrer = url_string (parent, URL_AUTH_HIDE_PASSWD);
           DEBUGP (("download_child_p: parent->url is: `%s'\n", parent->url));
           visited_url (url, referrer);
 	  xfree (referrer);
@@ -628,3 +636,5 @@ descend_redirect_p (const char *redirected, const char *original, int depth,
 
   return success;
 }
+
+/* vim:set sts=2 sw=2 cino+={s: */

src/url.c

@@ -855,7 +855,7 @@ url_parse (const char *url, int *error)
       /* If we suspect that a transformation has rendered what
          url_string might return different from URL_ENCODED, rebuild
          u->url using url_string.  */
-      u->url = url_string (u, false);
+      u->url = url_string (u, URL_AUTH_SHOW);
 
       if (url_encoded != url)
         xfree ((char *) url_encoded);
@@ -1071,7 +1071,7 @@ sync_path (struct url *u)
 
   /* Regenerate u->url as well.  */
   xfree (u->url);
-  u->url = url_string (u, false);
+  u->url = url_string (u, URL_AUTH_SHOW);
 }
 
 /* Mutators.  Code in ftp.c insists on changing u->dir and u->file.
@@ -1814,7 +1814,7 @@ uri_merge (const char *base, const char *link)
    the URL will be quoted.  */
 
 char *
-url_string (const struct url *url, bool hide_password)
+url_string (const struct url *url, enum url_auth_mode auth_mode)
 {
   int size;
   char *result, *p;
@@ -1831,13 +1831,16 @@ url_string (const struct url *url, bool hide_password)
   /* Make sure the user name and password are quoted. */
   if (url->user)
     {
-      quoted_user = url_escape_allow_passthrough (url->user);
-      if (url->passwd)
+      if (auth_mode != URL_AUTH_HIDE)
         {
-          if (hide_password)
-            quoted_passwd = HIDDEN_PASSWORD;
-          else
-            quoted_passwd = url_escape_allow_passthrough (url->passwd);
+          quoted_user = url_escape_allow_passthrough (url->user);
+          if (url->passwd)
+            {
+              if (auth_mode = URL_AUTH_HIDE_PASSWD)
+                quoted_passwd = HIDDEN_PASSWORD;
+              else
+                quoted_passwd = url_escape_allow_passthrough (url->passwd);
+            }
         }
     }
 
@@ -1899,7 +1902,8 @@ url_string (const struct url *url, bool hide_password)
 
   if (quoted_user && quoted_user != url->user)
     xfree (quoted_user);
-  if (quoted_passwd && !hide_password && quoted_passwd != url->passwd)
+  if (quoted_passwd && auth_mode == URL_AUTH_SHOW
+      && quoted_passwd != url->passwd)
     xfree (quoted_passwd);
   if (quoted_host != url->host)
     xfree (quoted_host);

src/url.h

@@ -34,6 +34,14 @@ so, delete this exception statement from your version.  */
 #define DEFAULT_FTP_PORT 21
 #define DEFAULT_HTTPS_PORT 443
 
+/* Specifies how, or whether, user auth information should be included
+ * in URLs regenerated from URL parse structures. */
+enum url_auth_mode {
+  URL_AUTH_SHOW,
+  URL_AUTH_HIDE_PASSWD,
+  URL_AUTH_HIDE
+};
+
 /* Note: the ordering here is related to the order of elements in
    `supported_schemes' in url.c.  */
 
@@ -86,7 +94,7 @@ bool url_has_scheme (const char *);
 int scheme_default_port (enum url_scheme);
 void scheme_disable (enum url_scheme);
 
-char *url_string (const struct url *, bool);
+char *url_string (const struct url *, enum url_auth_mode);
 char *url_file_name (const struct url *);
 
 char *uri_merge (const char *, const char *);