5 files changed, 43 insertions, 11 deletions

diff --git a/inc/HTTPClient.php b/inc/HTTPClient.php
index 71844b847..1184aebee 100644
--- a/inc/HTTPClient.php
+++ b/inc/HTTPClient.php
@@ -32,7 +32,7 @@ class DokuHTTPClient extends HTTPClient {
         $this->proxy_host = $conf['proxy']['host'];
         $this->proxy_port = $conf['proxy']['port'];
         $this->proxy_user = $conf['proxy']['user'];
-        $this->proxy_pass = $conf['proxy']['pass'];
+        $this->proxy_pass = conf_decodeString($conf['proxy']['pass']);
         $this->proxy_ssl  = $conf['proxy']['ssl'];
     }
 }
diff --git a/inc/confutils.php b/inc/confutils.php
index 5b48e97dd..2099ba949 100644
--- a/inc/confutils.php
+++ b/inc/confutils.php
@@ -238,5 +238,34 @@ function useHeading($linktype) {
   return (!empty($useHeading[$linktype]));
 }
 
-
+/**
+ * obscure config data so information isn't plain text
+ *
+ * @param string       $str     data to be encoded
+ * @param string       $code    encoding method, values: plain, base64, uuencode.
+ * @return string               the encoded value
+ */
+function conf_encodeString($str,$code) {
+  switch ($code) {
+  	case 'base64'   : return '<b>'.base64_encode($str);
+  	case 'uuencode' : return '<u>'.convert_uuencode($str);
+  	case 'plain':
+  	default:
+  	  return $str;
+  }
+}
+/**
+ * return obscured data as plain text
+ *
+ * @param  string      $str   encoded data
+ * @return string             plain text
+ */
+function conf_decodeString($str) {
+	switch (substr($str,0,3)) {
+	  case '<b>' : return base64_decode(substr($str,3));
+	  case '<u>' : return convert_uudecode(substr($str,3));
+	  default:  // not encode (or unknown)
+	  	return $str;
+	}
+}
 //Setup VIM: ex: et ts=2 enc=utf-8 :
diff --git a/inc/io.php b/inc/io.php
index 1c0e86104..2eb94db0c 100644
--- a/inc/io.php
+++ b/inc/io.php
@@ -424,7 +424,7 @@ function io_mkdir_ftp($dir){
     return false;
   }
 
-  if(!@ftp_login($conn, $conf['ftp']['user'], $conf['ftp']['pass'])){
+  if(!@ftp_login($conn, $conf['ftp']['user'], conf_decodeString($conf['ftp']['pass']))){
     msg("FTP login failed",-1);
     return false;
   }
diff --git a/lib/plugins/config/settings/config.class.php b/lib/plugins/config/settings/config.class.php
index c3531d6f3..b62c16a7e 100644
--- a/lib/plugins/config/settings/config.class.php
+++ b/lib/plugins/config/settings/config.class.php
@@ -22,7 +22,7 @@ if (!class_exists('configuration')) {
     var $_default_files  = array();
     var $_local_files = array();      // updated configuration is written to the first file
     var $_protected_files = array();
-    
+
     var $_plugin_list = null;
 
     /**
@@ -127,13 +127,13 @@ if (!class_exists('configuration')) {
       fclose($fh);
       return true;
     }
-    
+
     function _read_config_group($files) {
       $config = array();
       foreach ($files as $file) {
         $config = array_merge($config, $this->_read_config($file));
       }
-      
+
       return $config;
     }
 
@@ -477,6 +477,8 @@ if (!class_exists('setting_string')) {
 if (!class_exists('setting_password')) {
   class setting_password extends setting_string {
 
+    var $_code = 'plain';  // mechanism to be used to obscure passwords
+
     function update($input) {
         if ($this->is_protected()) return false;
         if (!$input) return false;
@@ -487,7 +489,7 @@ if (!class_exists('setting_password')) {
           return false;
         }
 
-        $this->_local = $input;
+        $this->_local = conf_encodeString($input,$this->_code);
         return true;
     }
 
@@ -888,7 +890,6 @@ if (!class_exists('setting_multicheckbox')) {
   }
 }
 
-
 /**
  *  Provide php_strip_whitespace (php5 function) functionality
  *
diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php
index 8c856af1b..6c979574e 100644
--- a/lib/plugins/config/settings/config.metadata.php
+++ b/lib/plugins/config/settings/config.metadata.php
@@ -22,7 +22,8 @@
  *   'email'        - text input, input must conform to email address format, setting output in quotes
  *   'richemail'    - text input, input must conform to email address format but accepts variables and
  *                    emails with a real name prepended (when email address is given in <>)
- *   'password'     - password input, minimal input validation, setting output plain text in quotes
+ *   'password'     - password input, minimal input validation, setting output text in quotes, maybe encoded
+ *                    according to the _code parameter
  *   'dirchoice'    - as multichoice, selection choices based on folders found at location specified in _dir
  *                    parameter (required). A pattern can be used to restrict the folders to only those which
  *                    match the pattern.
@@ -52,6 +53,7 @@
  *                   required by 'dirchoice' class, ignored by other classes
  *   '_combine'    - complimentary output setting values which can be combined into a single display checkbox
  *                   optional for 'multicheckbox', ignored by other classes
+ *   '_code'       - encoding method to use, accepted values: 'base64','uuencode','plain'.  defaults to plain.
  *
  * @author    Chris Smith <chris@jalakai.co.uk>
  */
@@ -189,12 +191,12 @@ $meta['_network']    = array('fieldset');
 $meta['proxy____host'] = array('string','_pattern' => '#^(|[a-z0-9\-\.+]+)$#i');
 $meta['proxy____port'] = array('numericopt');
 $meta['proxy____user'] = array('string');
-$meta['proxy____pass'] = array('password');
+$meta['proxy____pass'] = array('password','_code' => 'base64');
 $meta['proxy____ssl']  = array('onoff');
 $meta['safemodehack'] = array('onoff');
 $meta['ftp____host']  = array('string','_pattern' => '#^(|[a-z0-9\-\.+]+)$#i');
 $meta['ftp____port']  = array('numericopt');
 $meta['ftp____user']  = array('string');
-$meta['ftp____pass']  = array('password');
+$meta['ftp____pass']  = array('password','_code' => 'base64');
 $meta['ftp____root']  = array('string');