From 2443d46a9ead610cdeebdc389f7b05356216d93e Mon Sep 17 00:00:00 2001
From: cinap_lenrek <cinap_lenrek@felloff.net>
Date: Sat, 14 Mar 2015 01:09:37 +0100
Subject: webfs: do not send credentials in automatic referer url

---
 sys/src/cmd/webfs/fs.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sys/src/cmd/webfs/fs.c b/sys/src/cmd/webfs/fs.c
index 117bdc0b4..981884417 100644
--- a/sys/src/cmd/webfs/fs.c
+++ b/sys/src/cmd/webfs/fs.c
@@ -421,6 +421,11 @@ fsopen(Req *r)
 						u->host = smprint("%H", r);
 						free(r);
 					}
+
+					/* do not send credentials */
+					free(u->user); u->user = nil;
+					free(u->pass); u->pass = nil;
+
 					if(r = smprint("%U", u)){
 						cl->hdr = addkey(cl->hdr, "Referer", r);
 						free(r);
-- 
cgit v1.2.3