[Edbrowse-dev] Disabling local echo for password fields

[Karl Dahlke <eklhad@comcast.net>]

[-- Attachment #1: Type: text/plain, Size: 2160 bytes --]

I got the patch out of github, it will take a while to look through, not a lot of code but a lot of little changes all over the place.
Here is the ipass block with some thoughts.

 /* special command for hidden input */
 if (!strncmp(line, "ipass", 5)) {
 char *p, *c;
 char buffer[MAXUSERPASS];
 int realtotal;
 if (!cw->browseMode && (cmd == 'i' || cx)) {
#  why query cmd and cx, neither has been set to anything at this point.
#  cmd is the default p for print, I think.
 setError(MSG_NoBrowse);
 return false;
 }
 if (endRange > startRange && cmd == 'i') {
#  again, cmd will not be set to i.
#  Did you test all these cases?  1,3ipass will probably not fall into this
#  block the way you want it to. You should test every pathway.
 setError(MSG_RangeI, c);
#  c has not been set.
# setError(MSG_RangeI, '=');
 return false;
 }

 s = line + 5;
#  is cx set to 0 at this point? I think so.
 if (isdigitByte(*s))
 cx = strtol(s, (char **)&s, 10);
 else if (*s == '$')
 cx = -1, ++s;
 /* XXX try to guess cx if only one password input field? */

 cw->dot = endRange;
 p = (char*)fetchLine(cw->dot, -1);
 findInputField(p, 1, cx, &n, &realtotal, &tagno);
 debugPrint(5, "findField returns %d.%d", n, tagno);
 if (!tagno) {
 fieldNumProblem(0, "ipass", cx, n, realtotal);
 return false;
 }

 prompt_and_read(MSG_Password, buffer, MAXUSERPASS,
 MSG_PasswordLong, true);

 tagList[tagno]->itype = INP_PW;
#  Hold it! I have a real problem overriding the html tag type.
#  Mostly on philosophical grounds. I think others will as well.
#  Chris says it is always password when it's suppose to be a password,
#  almost always, so don't think we should change it.
#  In an extreme case it could have been a select list, menu of choices,
#  and now it's just a password text field and I'm sure that will
#  make something blow up somewhere.

 rc = infReplace(tagno, buffer, true);
 return rc;
 }

I haven't looked at the other routines.
edbrowse is a fragile thing, maybe because it isn't coded well,
I admit that, it just means we have to look at each line of code as it walks in the door.

Karl Dahlke