'CVS: tmda/bin ChangeLog,1.92,1.93 tmda-filter,1.75,1.76'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tmda-cvs
Subject:    CVS: tmda/bin ChangeLog,1.92,1.93 tmda-filter,1.75,1.76
From:       "Jason R. Mastaler" <jasonrm () users ! sourceforge ! net>
Date:       2001-10-24 17:39:01
[Download RAW message or body]

Update of /cvsroot/tmda/tmda/bin
In directory usw-pr-cvs1:/tmp/cvs-serv3450/bin

Modified Files:
	ChangeLog tmda-filter 
Log Message:
Make sure the confirmation cookie unpacks into 4 elements (action,
timestamp, pid, HMAC) or else we consider it bogus and request
confirmation.  This fixes a bug where Python would raise a ValueError
if you sent a message to `user-confirm-foo' for example.

Reported by Kirill Miazine.


Index: ChangeLog
===================================================================
RCS file: /cvsroot/tmda/tmda/bin/ChangeLog,v
retrieving revision 1.92
retrieving revision 1.93
diff -u -r1.92 -r1.93
--- ChangeLog	2001/10/24 16:44:03	1.92
+++ ChangeLog	2001/10/24 17:38:59	1.93
@@ -1,5 +1,11 @@
 2001-10-24  Jason R. Mastaler  <jasonrm@nightshade.la.mastaler.com>
 
+	* tmda-filter (verify_confirm_cookie): Make sure the cookie
+	unpacks into 4 elements (action, timestamp, pid, HMAC) or else we
+	consider it bogus and request confirmation.  This fixes a bug
+	where Python would raise a ValueError if you sent a message to
+	`user-confirm-foo' for example.  Reported by Kirill Miazine.
+
 	* tmda-inject (inject_message): Add support for keyword message
 	tagging.
 

Index: tmda-filter
===================================================================
RCS file: /cvsroot/tmda/tmda/bin/tmda-filter,v
retrieving revision 1.75
retrieving revision 1.76
diff -u -r1.75 -r1.76
--- tmda-filter	2001/10/24 00:00:26	1.75
+++ tmda-filter	2001/10/24 17:38:59	1.76
@@ -300,8 +300,12 @@
 
 def verify_confirm_cookie(confirm_cookie):
     """Verify a confirmation cookie."""
-    (confirm_action, confirm_timestamp,
-     confirm_pid, confirm_hmac) = string.split(confirm_cookie,'.')
+    # Save some time if the cookie is bogus.
+    try:
+        (confirm_action, confirm_timestamp,
+         confirm_pid, confirm_hmac) = string.split(confirm_cookie,'.')
+    except ValueError:
+        bouncegen('request')
     # pre-confirmation
     if confirm_action == 'accept':
         new_confirm_hmac = Cookie.confirmationmac(confirm_timestamp,

_______________________________________________
tmda-cvs mailing list
http://libertine.org/lists/listinfo/tmda-cvs

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic