From 665bf172f7e264bdceeec24fabd5d1d7dbc894b6 Mon Sep 17 00:00:00 2001
From: Derek DeMoro <derek@jivesoftware.com>
Date: Thu, 16 Feb 2006 20:07:18 +0000
Subject: [PATCH] Smack now escapes passwords.

git-svn-id: http://svn.igniterealtime.org/svn/repos/smack/trunk@3470 b35dd754-fafc-0310-a699-88a17e54d16e
---
 .../org/jivesoftware/smack/packet/Authentication.java  | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/source/org/jivesoftware/smack/packet/Authentication.java b/source/org/jivesoftware/smack/packet/Authentication.java
index 3ff5b8a87..dce690b40 100644
--- a/source/org/jivesoftware/smack/packet/Authentication.java
+++ b/source/org/jivesoftware/smack/packet/Authentication.java
@@ -38,7 +38,7 @@ public class Authentication extends IQ {
      * "set" mode in order to perform an actual authentication with the server.
      * In order to send a "get" request to get the available authentication
      * modes back from the server, change the type of the IQ packet to "get":
-     *
+     * <p/>
      * <p><tt>setType(IQ.Type.GET);</tt>
      */
     public Authentication() {
@@ -105,7 +105,7 @@ public class Authentication extends IQ {
      * authentication mode will be used.
      *
      * @param connectionID the connection ID.
-     * @param password the password.
+     * @param password     the password.
      * @see org.jivesoftware.smack.XMPPConnection#getConnectionID()
      */
     public void setDigest(String connectionID, String password) {
@@ -120,7 +120,7 @@ public class Authentication extends IQ {
      * If only one value is set, the respective authentication mode will be used.
      *
      * @param digest the digest, which is the SHA-1 hash of the connection ID
-     *      the user's password, encoded as hex.
+     *               the user's password, encoded as hex.
      * @see org.jivesoftware.smack.XMPPConnection#getConnectionID()
      */
     public void setDigest(String digest) {
@@ -153,7 +153,7 @@ public class Authentication extends IQ {
                 buf.append("<username/>");
             }
             else {
-                buf.append("<username>").append( username).append("</username>");
+                buf.append("<username>").append(username).append("</username>");
             }
         }
         if (digest != null) {
@@ -169,7 +169,7 @@ public class Authentication extends IQ {
                 buf.append("<password/>");
             }
             else {
-                buf.append("<password>").append(password).append("</password>");
+                buf.append("<password>").append(StringUtils.escapeForXML(password)).append("</password>");
             }
         }
         if (resource != null) {