FAQ
For folks having trouble with interoperability of Mailman 2.0 and 2.1
cookies, could you please try the following patch?

-Barry

-------------------- snip snip --------------------
Index: SecurityManager.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/SecurityManager.py,v
retrieving revision 2.20
diff -u -r2.20 SecurityManager.py
--- SecurityManager.py 2 Dec 2002 14:03:45 -0000 2.20
+++ SecurityManager.py 31 Jan 2003 06:38:47 -0000
@@ -1,4 +1,4 @@
-# Copyright (C) 1998,1999,2000,2001,2002 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2003 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -47,11 +47,12 @@
# also relies on the security of SHA1.

import os
-import time
+import re
import sha
+import time
+import Cookie
import marshal
import binascii
-import Cookie
from types import StringType, TupleType
from urlparse import urlparse

@@ -269,14 +270,12 @@
cookiedata = os.environ.get('HTTP_COOKIE')
if not cookiedata:
return 0
- # Treat the cookie data as simple strings, and do application level
- # decoding as necessary. By using SimpleCookie, we prevent any kind
- # of security breach due to untrusted cookie data being unpickled
- # (which is quite unsafe).
- try:
- c = Cookie.SimpleCookie(cookiedata)
- except Cookie.CookieError:
- return 0
+ # We can't use the Cookie module here because it isn't liberal in what
+ # it accepts. Feed it a MM2.0 cookie along with a MM2.1 cookie and
+ # you get a CookieError. :(. All we care about is accessing the
+ # cookie data via getitem, so we'll use our own parser, which returns
+ # a dictionary.
+ c = parsecookie(cookiedata)
# If the user was not supplied, but the authcontext is AuthUser, we
# can try to glean the user address from the cookie key. There may be
# more than one matching key (if the user has multiple accounts
@@ -316,7 +315,7 @@
# simply request reauthorization, resulting in a new cookie being
# returned to the client.
try:
- data = marshal.loads(binascii.unhexlify(c[key].value))
+ data = marshal.loads(binascii.unhexlify(c[key]))
issued, received_mac = data
except (EOFError, ValueError, TypeError, KeyError):
return 0
@@ -331,3 +330,14 @@
return 0
# Authenticated!
return 1
+
+
+
+splitter = re.compile(';\s*')
+
+def parsecookie(s):
+ c = {}
+ for p in splitter.split(s):
+ k, v = p.split('=')
+ c[k] = v
+ return c

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupmailman-users @
categoriespython
postedJan 31, '03 at 6:40a
activeJan 31, '03 at 6:40a
posts1
users1
websitelist.org

1 user in discussion

Barry: 1 post

People

Translate

site design / logo © 2022 Grokbase