diff options
| author |  Johannes Schindelin <johannes.schindelin@gmx.de> | 2020-06-04 20:08:29 +0000 |
|---|---|---|
| committer |  Junio C Hamano <gitster@pobox.com> | 2020-06-04 13:20:21 -0700 |
| commit | 46da295a77066994a663a47dc044f6c6fe582d26 (patch) | |
| tree | f4b2161e2e1a58b54b68414ce556aede8a7e8832 /builtin/fetch.c | |
| parent | Git 2.26 (diff) | |
| download | tgif-46da295a77066994a663a47dc044f6c6fe582d26.tar.xz | |
clone/fetch: anonymize URLs in the reflog
Even if we strongly discourage putting credentials into the URLs passed
via the command-line, there _is_ support for that, and users _do_ do
that.
Let's scrub them before writing them to the reflog.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'builtin/fetch.c')
| -rw-r--r-- | builtin/fetch.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/builtin/fetch.c b/builtin/fetch.c index bf6bab80fa..d58b757211 100644 --- a/builtin/fetch.c +++ b/builtin/fetch.c @@ -1765,8 +1765,13 @@ int cmd_fetch(int argc, const char **argv, const char *prefix) /* Record the command line for the reflog */ strbuf_addstr(&default_rla, "fetch"); - for (i = 1; i < argc; i++) - strbuf_addf(&default_rla, " %s", argv[i]); + for (i = 1; i < argc; i++) { + /* This handles non-URLs gracefully */ + char *anon = transport_anonymize_url(argv[i]); + + strbuf_addf(&default_rla, " %s", anon); + free(anon); + } fetch_config_from_gitmodules(&submodule_fetch_jobs_config, &recurse_submodules); |