From: jhermann Date: Wed, 7 Nov 2001 02:34:06 +0000 (+0000) Subject: Handling of damaged login cookies X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=3b4fcc1a4e708ce0980029b8dec0a3d5acfff4cd;p=roundup.git Handling of damaged login cookies git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@376 57a73879-2fb5-44c3-a270-3262357dd7e2 --- diff --git a/roundup/cgi_client.py b/roundup/cgi_client.py index f1e960e..43b648e 100644 --- a/roundup/cgi_client.py +++ b/roundup/cgi_client.py @@ -15,7 +15,7 @@ # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE, # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. # -# $Id: cgi_client.py,v 1.54 2001-11-07 01:16:12 richard Exp $ +# $Id: cgi_client.py,v 1.55 2001-11-07 02:34:06 jhermann Exp $ import os, cgi, pprint, StringIO, urlparse, re, traceback, mimetypes import binascii, Cookie, time @@ -723,7 +723,12 @@ class Client: cookie = cookie['roundup_user'].value if len(cookie)%4: cookie = cookie + '='*(4-len(cookie)%4) - user, password = binascii.a2b_base64(cookie).split(':') + try: + user, password = binascii.a2b_base64(cookie).split(':') + except (TypeError, binascii.Error, binascii.Incomplete): + # damaged cookie! + user, password = 'anonymous', '' + # make sure the user exists try: uid = self.db.user.lookup(user) @@ -950,6 +955,9 @@ def parsePropsFromForm(db, cl, form, nodeid=0): # # $Log: not supported by cvs2svn $ +# Revision 1.54 2001/11/07 01:16:12 richard +# Remove the '=' padding from cookie value so quoting isn't an issue. +# # Revision 1.53 2001/11/06 23:22:05 jhermann # More IE fixes: it does not like quotes around cookie values; in the # hope this does not break anything for other browser; if it does, we