Hi,
I've built an XML-RPC application built on Zope3 (3.4.1) components.
I noticed that when a user is having one or more colons in his
password, an exception is raised :
File '/var/local/eggs/zope.app.wsgi-3.4.3-py2.5.egg/zope/app/wsgi/__init__.py', line 55 in __call__
request = publish(request, handle_errors=handle_errors)
File '/var/local/eggs/zope.publisher-3.4.10-py2.5.egg/zope/publisher/publish.py', line 130 in publish
obj = request.traverse(obj)
File '/var/local/eggs/zope.publisher-3.4.10-py2.5.egg/zope/publisher/http.py', line 464 in traverse
ob = super(HTTPRequest, self).traverse(obj)
File '/var/local/eggs/zope.publisher-3.4.10-py2.5.egg/zope/publisher/base.py', line 252 in traverse
publication.callTraversalHooks(self, obj)
File '/var/local/eggs/zope.app.publication-3.4.4-py2.5.egg/zope/app/publication/zopepublication.py', line 129 in callTraversalHooks
self._maybePlacefullyAuthenticate(request, ob)
File '/var/local/eggs/zope.app.publication-3.4.4-py2.5.egg/zope/app/publication/zopepublication.py', line 116 in _maybePlacefullyAuthenticate
principal = auth.authenticate(request)
File '/var/local/eggs/zope.app.authentication-3.4.4-py2.5.egg/zope/app/authentication/authentication.py', line 72 in authenticate
credentials = credplugin.extractCredentials(request)
File '/var/local/eggs/zope.app.authentication-3.4.4-py2.5.egg/zope/app/authentication/httpplugins.py', line 89 in extractCredentials
login, password = base64.decodestring(credentials).split(':')
ValueError: too many values to unpack
So maybe I'm wrong, but shouldn't the last instruction be replaced
with :
login, password = base64.decodestring(credentials).split(':', 1)
Regards,
Thierry Florac
--
Chef de projets intranet/internet
Office National des Forêts - Département Informatique
2, Avenue de Saint-Mandé
75570 Paris Cedex 12
Tél. : 01 40 19 59 64
Fax. : 01 40 19 58 85
Mél. : thierry.florac@onf.fr
Web. : http://www.onf.fr
_______________________________________________
Zope maillist - Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )
I've built an XML-RPC application built on Zope3 (3.4.1) components.
I noticed that when a user is having one or more colons in his
password, an exception is raised :
File '/var/local/eggs/zope.app.wsgi-3.4.3-py2.5.egg/zope/app/wsgi/__init__.py', line 55 in __call__
request = publish(request, handle_errors=handle_errors)
File '/var/local/eggs/zope.publisher-3.4.10-py2.5.egg/zope/publisher/publish.py', line 130 in publish
obj = request.traverse(obj)
File '/var/local/eggs/zope.publisher-3.4.10-py2.5.egg/zope/publisher/http.py', line 464 in traverse
ob = super(HTTPRequest, self).traverse(obj)
File '/var/local/eggs/zope.publisher-3.4.10-py2.5.egg/zope/publisher/base.py', line 252 in traverse
publication.callTraversalHooks(self, obj)
File '/var/local/eggs/zope.app.publication-3.4.4-py2.5.egg/zope/app/publication/zopepublication.py', line 129 in callTraversalHooks
self._maybePlacefullyAuthenticate(request, ob)
File '/var/local/eggs/zope.app.publication-3.4.4-py2.5.egg/zope/app/publication/zopepublication.py', line 116 in _maybePlacefullyAuthenticate
principal = auth.authenticate(request)
File '/var/local/eggs/zope.app.authentication-3.4.4-py2.5.egg/zope/app/authentication/authentication.py', line 72 in authenticate
credentials = credplugin.extractCredentials(request)
File '/var/local/eggs/zope.app.authentication-3.4.4-py2.5.egg/zope/app/authentication/httpplugins.py', line 89 in extractCredentials
login, password = base64.decodestring(credentials).split(':')
ValueError: too many values to unpack
So maybe I'm wrong, but shouldn't the last instruction be replaced
with :
login, password = base64.decodestring(credentials).split(':', 1)
Regards,
Thierry Florac
--
Chef de projets intranet/internet
Office National des Forêts - Département Informatique
2, Avenue de Saint-Mandé
75570 Paris Cedex 12
Tél. : 01 40 19 59 64
Fax. : 01 40 19 58 85
Mél. : thierry.florac@onf.fr
Web. : http://www.onf.fr
_______________________________________________
Zope maillist - Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )