diff options
Diffstat (limited to 'Mailman/SecurityManager.py')
| -rw-r--r-- | Mailman/SecurityManager.py | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/Mailman/SecurityManager.py b/Mailman/SecurityManager.py index 917b40839..74fc2efb6 100644 --- a/Mailman/SecurityManager.py +++ b/Mailman/SecurityManager.py @@ -102,9 +102,24 @@ class SecurityManager: return c def CheckCookie(self, key): - if not os.environ.has_key('HTTP_COOKIE'): + cookiedata = os.environ.get('HTTP_COOKIE') + if not cookiedata: return 0 - c = Cookie.Cookie(os.environ['HTTP_COOKIE']) + # + # TBD: At least some versions of MS Internet Explorer stores cookies + # without the double quotes. This has been verified for MSIE 4.01, + # although MSIE 5 is fixed. The bug (see PR#80) is that if these + # double quotes are missing, the cookie data does not unpickle + # into the list that we expect. The kludge given here (slightly + # modified) was initially provided by Evaldas Auryla + # <evaldas.auryla@pheur.org> + # +## self.LogMsg('debug', 'Browser Cookie: ' + cookiedata) + keylen = len(key) + if cookiedata[keylen+1] <> '"' and cookiedata[-1] <> '"': + cookiedata = key + '="' + cookiedata[keylen+1:] + '"' +## self.LogMsg('debug', 'Using Cookie: ' + cookiedata) + c = Cookie.Cookie(cookiedata) if not c.has_key(key): return 0 cookie = c[key].value |