From 3b4fcc1a4e708ce0980029b8dec0a3d5acfff4cd Mon Sep 17 00:00:00 2001
From: jhermann <jhermann@57a73879-2fb5-44c3-a270-3262357dd7e2>
Date: Wed, 7 Nov 2001 02:34:06 +0000
Subject: [PATCH] Handling of damaged login cookies

git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@376 57a73879-2fb5-44c3-a270-3262357dd7e2
---
 roundup/cgi_client.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/roundup/cgi_client.py b/roundup/cgi_client.py
index f1e960e..43b648e 100644
--- a/roundup/cgi_client.py
+++ b/roundup/cgi_client.py
@@ -15,7 +15,7 @@
 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
 # 
-# $Id: cgi_client.py,v 1.54 2001-11-07 01:16:12 richard Exp $
+# $Id: cgi_client.py,v 1.55 2001-11-07 02:34:06 jhermann Exp $
 
 import os, cgi, pprint, StringIO, urlparse, re, traceback, mimetypes
 import binascii, Cookie, time
@@ -723,7 +723,12 @@ class Client:
             cookie = cookie['roundup_user'].value
             if len(cookie)%4:
               cookie = cookie + '='*(4-len(cookie)%4)
-            user, password = binascii.a2b_base64(cookie).split(':')
+            try:
+                user, password = binascii.a2b_base64(cookie).split(':')
+            except (TypeError, binascii.Error, binascii.Incomplete):
+                # damaged cookie!
+                user, password = 'anonymous', ''
+
             # make sure the user exists
             try:
                 uid = self.db.user.lookup(user)
@@ -950,6 +955,9 @@ def parsePropsFromForm(db, cl, form, nodeid=0):
 
 #
 # $Log: not supported by cvs2svn $
+# Revision 1.54  2001/11/07 01:16:12  richard
+# Remove the '=' padding from cookie value so quoting isn't an issue.
+#
 # Revision 1.53  2001/11/06 23:22:05  jhermann
 # More IE fixes: it does not like quotes around cookie values; in the
 # hope this does not break anything for other browser; if it does, we
-- 
2.30.2