From e3ae45fa12e1791888f22af6ae1693a51c63918c Mon Sep 17 00:00:00 2001
From: Jordi Boggiano <j.boggiano@seld.be>
Date: Sun, 8 May 2016 17:22:25 +0100
Subject: [PATCH] Replace username as well if it looks like a github oauth
 token

---
 src/Composer/Util/Git.php             | 8 +++++++-
 src/Composer/Util/ProcessExecutor.php | 8 +++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/Composer/Util/Git.php b/src/Composer/Util/Git.php
index 54abcb1b8..51e1b0a5a 100644
--- a/src/Composer/Util/Git.php
+++ b/src/Composer/Util/Git.php
@@ -251,7 +251,13 @@ class Git
 
     public static function sanitizeUrl($message)
     {
-        return preg_replace('{://([^@]+?):.+?@}', '://$1:***@', $message);
+        return preg_replace_callback('{://(?P<user>[^@]+?):(?P<password>.+?)@}', function ($m) {
+            if (preg_match('{^[a-f0-9]{12,}$}', $m[1])) {
+                return '://***:***@';
+            }
+
+            return '://'.$m[1].':***@';
+        }, $message);
     }
 
     private function throwException($message, $url)
diff --git a/src/Composer/Util/ProcessExecutor.php b/src/Composer/Util/ProcessExecutor.php
index 6b778e5eb..adad1c3fc 100644
--- a/src/Composer/Util/ProcessExecutor.php
+++ b/src/Composer/Util/ProcessExecutor.php
@@ -44,7 +44,13 @@ class ProcessExecutor
     public function execute($command, &$output = null, $cwd = null)
     {
         if ($this->io && $this->io->isDebug()) {
-            $safeCommand = preg_replace('{(://[^:/\s]+:)[^@\s/]+}i', '$1****', $command);
+            $safeCommand = preg_replace('{(://)(?P<user>[^:/\s]+):(?P<password>[^@\s/]+)}i', function ($m) {
+                if (preg_match('{^[a-f0-9]{12,}$}', $m[1])) {
+                    return '://***:***';
+                }
+
+                return '://'.$m[1].':***';
+            }, $command);
             $this->io->writeError('Executing command ('.($cwd ?: 'CWD').'): '.$safeCommand);
         }