Yahoo 16 HTTP login

John Bailey rekkanoryo at rekkanoryo.org
Wed May 13 22:28:32 EDT 2009


Hey, guys,

As most of you know, Sulabh has taken the time to commit a working Yahoo
protocol version 16 HTTP login method.  The initial revision did not work at all
for Yahoo Japan accounts, so I found the appropriate Japan URL's (which was
ridiculously simple--change yahoo.com to yahoo.co.jp) and committed these.

Paul has also spent some time making some minor improvements, such as reducing
magic values in the code, moving the login URL from being hardcoded in request
calls to being defined constants, and some other general spacing cleanups to
improve consistency with the rest of libpurple.

We discussed in #pidgin and devel at conference.pidgin.im that this login method
discloses a user's password in the debug log, and thus would be a problem when
we need a user to capture a debug log.  There were a number of proposed
solutions, but the one that seemd to get the most positive reaction (and had no
objections) was making the URL request functions log the full URL only when the
environment variable PURPLE_UNSAFE_DEBUG was set.  Following this rough
consensus, I have committed to im.pidgin.cpw.sulabh.yahoo_16 a revision which
causes libpurple to behave as such.

Ka-Hing seemed to have no objection to changing the PURPLE_MSN_UNSAFE_DEBUG he'd
already introduced a while back, so I changed that to use PURPLE_UNSAFE_DEBUG as
well.

I'd like some opinions on that revision
(c1ede5faf776dc1cc966dabb42c1ef0dbaea31db).  I'm also wondering if it might make
more sense to remove the variable and instead add an --unsafe-debug argument
that sets a flag we can use instead of needing to call g_getenv() all over the
place.

John

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 835 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/pipermail/devel/attachments/20090513/677e07a7/attachment.sig>


More information about the Devel mailing list