From 078973d862053582afddc86c366b26d28fe5075a Mon Sep 17 00:00:00 2001
From: Thomas Hochstein <thh@thh.name>
Date: Sun, 8 Feb 2026 01:08:00 +0100
Subject: [PATCH] Hide MySQL config for unauthenticated users.

Signed-off-by: Thomas Hochstein <thh@thh.name>
---
 ChangeLog         | 1 +
 MOD/Displaylib.pm | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index b722645..cd07f5a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,7 @@ huhu 0.11.0 (unreleased)
   * Only connect to newsserver if there are approved posts.
   * Fix headers with continuation immediately at start.
   * Add cronjob to remove old backup messages.
+  * Hide MySQL config for unauthenticated users.
 
 huhu 0.10 (unknown)
   * huhu reports version 0.09 (from MOD/Displaylib.pm), but has code
diff --git a/MOD/Displaylib.pm b/MOD/Displaylib.pm
index 6af529b..733fc73 100644
--- a/MOD/Displaylib.pm
+++ b/MOD/Displaylib.pm
@@ -76,6 +76,8 @@ sub new($$$)
     my $authentication = $configref->{'http_authentication_method'};
     die "No 'http_authentication_method' in configuration file." unless($authentication);
 
+    $self->{'http_auth'} = $authentication;
+
     if ($q->auth_type() && $q->auth_type() eq $authentication)
     {
       $self->{'user_name'} = $q->remote_user();
@@ -799,7 +801,8 @@ sub display_config($)
   my @key = SHOW_CONFIG;
   for my $key(@key)
   {
-    printf "<tr><td>%s</td><td>%s</td></tr>", $key, $config->{$key};
+    printf "<tr><td>%s</td><td>%s</td></tr>", $key, $config->{$key}
+    unless ($self->{'http_auth'} eq 'None' && $key =~ /^mysql/);
   }
   print "</table>";