|
From: | Tino Calancha |
Subject: | bug#30190: 27.0.50; term run in line mode shows user passwords |
Date: | Wed, 18 Jul 2018 23:56:34 +0900 (JST) |
User-agent: | Alpine 2.20 (DEB 67 2015-01-07) |
@@ -2288,7 +2289,8 @@ term-send-invisible \\[view-lossage]." (interactive "P") ; Defeat snooping via C-x esc (when (not (stringp str)) - (setq str (term-read-noecho "Non-echoed text: " t))) + (let ((read-hide-char ?*)) + (setq str (read-passwd "Non-echoed text: ")))) (when (not proc) (setq proc (get-buffer-process (current-buffer)))) (if (not proc) (error "Current buffer has no process")Why do we need to bind `read-hide-char` here?
I made this binding so that the user observes same characters (?*) to hide the input as with command: M-x term-send-invisble RET
I don't think so. `read-passwd' uses ?. as default. The docstring suggest us to let-bind `read-hide-char' in case we wish another char. Alternatively we could use ?. always as default, and change `term-send-invisble'. Personaly, I prefer ?* because my vision is quite poor and ?. looks too small :-|More specifically, shouldn't `read-passwd` do that for us (hence if it doesn't yet, then the right patch is to add this let-binding to `read-passwd`)?
@@ -2297,6 +2299,17 @@ term-send-invisible (term-send-string proc str) (term-send-string proc "\n"))) +;; TODO: Maybe combine this with `comint-watch-for-password-prompt'.Would be nice, yes.
Indeed, one of my favourite Beach Boys songs.
@@ -3152,6 +3165,9 @@ term-emulate-terminal (term-handle-deferred-scroll)) (set-marker (process-mark proc) (point)) + (when (stringp decoded-substring) + (term-watch-for-password-prompt (prog1 decoded-substring + (setq decoded-substring nil))))I suggest you add a comment explaining why we set decoded-substring to nil.
Agreed. It's not obvious at first glance.
[Prev in Thread] | Current Thread | [Next in Thread] |