Also redact percent-escaped passwords which may appear in the metadata for webadmin installs

src/yunohost/app.py

@@ -35,6 +35,7 @@ import subprocess
 import glob
 import pwd
 import grp
+import urllib
 from collections import OrderedDict
 from datetime import datetime
 
@@ -809,9 +810,14 @@ def app_install(operation_logger, app, label=None, args=None, no_remove_on_failu
 
     # Start register change on system
     operation_logger.extra.update({'env': env_dict})
+
     # Tell the operation_logger to redact all password-type args
+    # Also redact the % escaped version of the password that might appear in
+    # the 'args' section of metadata (relevant for password with non-alphanumeric char)
     data_to_redact = [ value[0] for value in args_odict.values() if value[1] == "password" ]
+    data_to_redact += [ urllib.quote(data) for data in data_to_redact if urllib.quote(data) != data ]
     operation_logger.data_to_redact.extend(data_to_redact)
+
     operation_logger.related_to = [s for s in operation_logger.related_to if s[0] != "app"]
     operation_logger.related_to.append(("app", app_id))
     operation_logger.start()