diff options
| -rw-r--r-- | Mailman/Cgi/admin.py | 10 | ||||
| -rw-r--r-- | Mailman/Cgi/private.py | 4 | ||||
| -rwxr-xr-x | modules/Cgi/admin.py | 10 | ||||
| -rwxr-xr-x | modules/Cgi/private.py | 4 |
4 files changed, 12 insertions, 16 deletions
diff --git a/Mailman/Cgi/admin.py b/Mailman/Cgi/admin.py index c9155c87e..e8e9a1d08 100644 --- a/Mailman/Cgi/admin.py +++ b/Mailman/Cgi/admin.py @@ -21,7 +21,7 @@ To run stand-alone for debugging, set env var PATH_INFO to name of list and, optionally, options category.""" -__version__ = "$Revision: 734 $" +__version__ = "$Revision: 741 $" import sys import os, cgi, string, crypt, types, time @@ -102,7 +102,7 @@ def isAuthenticated(list, password=None, SECRET="SECRET"): token = md5.new(SECRET + list_name + SECRET).digest() token = base64.encodestring(token) - token = string.strip(token) + token = string.replace(token, "\n", "@") c = Cookie.Cookie() cookie_key = list_name + "-admin" c[cookie_key] = token @@ -113,11 +113,9 @@ def isAuthenticated(list, password=None, SECRET="SECRET"): c = Cookie.Cookie( os.environ['HTTP_COOKIE'] ) if c.has_key(list_name + "-admin"): try: - inp = base64.decodestring(c[list_name + "-admin"].value) + inp = base64.decodestring(string.replace( + c[list_name + "-admin"].value, "@", "\n")) check = md5.new(SECRET+list_name+SECRET).digest() - except Error: # the decodestring may return incorrect padding? - raise 'Decode failed' - return 0 if inp == check: return 1 else: diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py index 4a06a7270..eb1352ded 100644 --- a/Mailman/Cgi/private.py +++ b/Mailman/Cgi/private.py @@ -110,7 +110,7 @@ def isAuthenticated(list_name): if c.has_key(list_name): # The user has a token like 'c++-sig=AE23446AB...'; verify # that it's correct. - token = c[list_name].value + token = string.replace(c[list_name].value,"@","\n") import base64, md5 if base64.decodestring(token) != md5.new(SECRET + list_name @@ -152,7 +152,7 @@ def isAuthenticated(list_name): import base64, md5 token = md5.new(SECRET + list_name + SECRET).digest() token = base64.encodestring(token) - token = string.strip(token) + token = string.replace(token, "\n", "@") c = Cookie.Cookie() c[list_name] = token print c # Output the cookie diff --git a/modules/Cgi/admin.py b/modules/Cgi/admin.py index c9155c87e..e8e9a1d08 100755 --- a/modules/Cgi/admin.py +++ b/modules/Cgi/admin.py @@ -21,7 +21,7 @@ To run stand-alone for debugging, set env var PATH_INFO to name of list and, optionally, options category.""" -__version__ = "$Revision: 734 $" +__version__ = "$Revision: 741 $" import sys import os, cgi, string, crypt, types, time @@ -102,7 +102,7 @@ def isAuthenticated(list, password=None, SECRET="SECRET"): token = md5.new(SECRET + list_name + SECRET).digest() token = base64.encodestring(token) - token = string.strip(token) + token = string.replace(token, "\n", "@") c = Cookie.Cookie() cookie_key = list_name + "-admin" c[cookie_key] = token @@ -113,11 +113,9 @@ def isAuthenticated(list, password=None, SECRET="SECRET"): c = Cookie.Cookie( os.environ['HTTP_COOKIE'] ) if c.has_key(list_name + "-admin"): try: - inp = base64.decodestring(c[list_name + "-admin"].value) + inp = base64.decodestring(string.replace( + c[list_name + "-admin"].value, "@", "\n")) check = md5.new(SECRET+list_name+SECRET).digest() - except Error: # the decodestring may return incorrect padding? - raise 'Decode failed' - return 0 if inp == check: return 1 else: diff --git a/modules/Cgi/private.py b/modules/Cgi/private.py index 4a06a7270..eb1352ded 100755 --- a/modules/Cgi/private.py +++ b/modules/Cgi/private.py @@ -110,7 +110,7 @@ def isAuthenticated(list_name): if c.has_key(list_name): # The user has a token like 'c++-sig=AE23446AB...'; verify # that it's correct. - token = c[list_name].value + token = string.replace(c[list_name].value,"@","\n") import base64, md5 if base64.decodestring(token) != md5.new(SECRET + list_name @@ -152,7 +152,7 @@ def isAuthenticated(list_name): import base64, md5 token = md5.new(SECRET + list_name + SECRET).digest() token = base64.encodestring(token) - token = string.strip(token) + token = string.replace(token, "\n", "@") c = Cookie.Cookie() c[list_name] = token print c # Output the cookie |