diff --git a/src/utils/__tests__/PhutilUtilsTestCase.php b/src/utils/__tests__/PhutilUtilsTestCase.php
--- a/src/utils/__tests__/PhutilUtilsTestCase.php
+++ b/src/utils/__tests__/PhutilUtilsTestCase.php
@@ -608,18 +608,18 @@
 // NOTE: We're liberal about censoring here, since we can't tell
 // if this is a truncated password at the end of an input string
 // or a domain name. The version with a "/" isn't censored.
- 'http://example.com' => 'http://xxxxx',
+ 'http://example.com' => 'http://********',
 'http://example.com/' => 'http://example.com/',
- 'http://username@example.com' => 'http://xxxxx@example.com',
- 'http://user:pass@example.com' => 'http://xxxxx@example.com',
+ 'http://username@example.com' => 'http://********@example.com',
+ 'http://user:pass@example.com' => 'http://********@example.com',
 // We censor these because they might be truncated credentials at the end
 // of the string.
- 'http://user' => 'http://xxxxx',
- "http://user\n" => "http://xxxxx\n",
+ 'http://user' => 'http://********',
+ "http://user\n" => "http://********\n",
- 'svn+ssh://user:pass@example.com' => 'svn+ssh://xxxxx@example.com',
+ 'svn+ssh://user:pass@example.com' => 'svn+ssh://********@example.com',
 );
 foreach ($cases as $input => $expect) {
diff --git a/src/utils/utils.php b/src/utils/utils.php
--- a/src/utils/utils.php
+++ b/src/utils/utils.php
@@ -1346,7 +1346,7 @@
 * be identified censored.
 */
 function phutil_censor_credentials($string) {
- return preg_replace(',(?<=://)([^/@\s]+)(?=@|$),', 'xxxxx', $string);
+ return preg_replace(',(?<=://)([^/@\s]+)(?=@|$),', '********', $string);
 }
diff --git a/src/xsprintf/csprintf.php b/src/xsprintf/csprintf.php
--- a/src/xsprintf/csprintf.php
+++ b/src/xsprintf/csprintf.php
@@ -124,7 +124,7 @@
 if ($is_unmasked) {
 $value = $value->openEnvelope();
 } else {
- $value = 'xxxxx';
+ $value = '********';
 }
 $value = PhutilCommandString::escapeArgument($value, $mode);
 $type = 's';
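Review bot: The pattern on the changed line of `phutil_censor_credentials()` in src/utils/utils.php only matches userinfo that contains no `/`, `@` or whitespace, so a password holding an unencoded `/` is returned uncensored and one holding an unencoded `@` is masked only up to the first `@`. The docblock should state that limit so callers do not treat the result as safe to log on its own, for example `Best-effort only: userinfo containing an unencoded "/", "@" or whitespace is not fully matched and may be returned uncensored.` A case in PhutilUtilsTestCase pinning that behaviour would keep the gap visible. The docblock begins above the hunk, so its current wording cannot be checked from here.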
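Review bot: The masked value in src/xsprintf/csprintf.php is now made of `*`, a shell glob character, so the displayed command depends on the `escapeArgument()` call on the following line to keep it inert, whereas `xxxxx` was harmless even unquoted. Presumably every `$mode` quotes it, but that is not visible in this hunk and is worth confirming, with a comment above the assignment such as `// Mask is escaped below like any other value; '*' is a shell glob character.` The same literal is also hard-coded in `phutil_censor_credentials()` in src/utils/utils.php, so a shared constant would keep the two masks from drifting apart. The enclosing function starts and ends outside the hunk.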