Martin Geisler <mg@aragost.com> [Fri, 13 Aug 2010 10:53:10 +0200] rev 11838
url: limit expansion to safe auth keys (Issue2328)
Mads Kiilerich pointed out that 7c9beccb0533 was too eager since the
prefix and password keys may contain $-signs. So this only add the
username to the list of keys that are expanded.
This also updates the documentation to match.