[prev in list] [next in list] [prev in thread] [next in thread]
List: tmda-cvs
Subject: CVS: tmda/bin ChangeLog,1.92,1.93 tmda-filter,1.75,1.76
From: "Jason R. Mastaler" <jasonrm () users ! sourceforge ! net>
Date: 2001-10-24 17:39:01
[Download RAW message or body]
Update of /cvsroot/tmda/tmda/bin
In directory usw-pr-cvs1:/tmp/cvs-serv3450/bin
Modified Files:
ChangeLog tmda-filter
Log Message:
Make sure the confirmation cookie unpacks into 4 elements (action,
timestamp, pid, HMAC) or else we consider it bogus and request
confirmation. This fixes a bug where Python would raise a ValueError
if you sent a message to `user-confirm-foo' for example.
Reported by Kirill Miazine.
Index: ChangeLog
===================================================================
RCS file: /cvsroot/tmda/tmda/bin/ChangeLog,v
retrieving revision 1.92
retrieving revision 1.93
diff -u -r1.92 -r1.93
--- ChangeLog 2001/10/24 16:44:03 1.92
+++ ChangeLog 2001/10/24 17:38:59 1.93
@@ -1,5 +1,11 @@
2001-10-24 Jason R. Mastaler <jasonrm@nightshade.la.mastaler.com>
+ * tmda-filter (verify_confirm_cookie): Make sure the cookie
+ unpacks into 4 elements (action, timestamp, pid, HMAC) or else we
+ consider it bogus and request confirmation. This fixes a bug
+ where Python would raise a ValueError if you sent a message to
+ `user-confirm-foo' for example. Reported by Kirill Miazine.
+
* tmda-inject (inject_message): Add support for keyword message
tagging.
Index: tmda-filter
===================================================================
RCS file: /cvsroot/tmda/tmda/bin/tmda-filter,v
retrieving revision 1.75
retrieving revision 1.76
diff -u -r1.75 -r1.76
--- tmda-filter 2001/10/24 00:00:26 1.75
+++ tmda-filter 2001/10/24 17:38:59 1.76
@@ -300,8 +300,12 @@
def verify_confirm_cookie(confirm_cookie):
"""Verify a confirmation cookie."""
- (confirm_action, confirm_timestamp,
- confirm_pid, confirm_hmac) = string.split(confirm_cookie,'.')
+ # Save some time if the cookie is bogus.
+ try:
+ (confirm_action, confirm_timestamp,
+ confirm_pid, confirm_hmac) = string.split(confirm_cookie,'.')
+ except ValueError:
+ bouncegen('request')
# pre-confirmation
if confirm_action == 'accept':
new_confirm_hmac = Cookie.confirmationmac(confirm_timestamp,
_______________________________________________
tmda-cvs mailing list
http://libertine.org/lists/listinfo/tmda-cvs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic