[Checkins] SVN: Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/ Fixed possible TypeError in extractCredentials of CookieAuthHelper when the __ac cookie is not ours (but e.g. from plone.session, though even then only in a corner case).
Maurits van Rees
m.van.rees at zestsoftware.nl
Thu Aug 12 15:45:12 EDT 2010
Hi Wichert,
Op 12-08-10 19:44, Wichert Akkerman schreef:
> On 2010-8-12 16:43, Maurits van Rees wrote:
>> + try:
>> + creds['login'] = login.decode('hex')
>> + creds['password'] = password.decode('hex')
>> + except TypeError:
>> + # Cookie is in a different format, so it is not ours
>> + return creds
>
> That looks incorrect: if the password.decode fails you are now
> returning a half credential set with only login set, instead of an
> empty set.
Ah, good catch, will fix.
--
Maurits van Rees
Programmer, Zest Software
More information about the checkins
mailing list