[Zope-Checkins] CVS: Zope/lib/python/AccessControl - User.py:1.163.2.5
Andreas Jung
andreas@zope.com
Thu, 13 Dec 2001 09:16:08 -0500
Update of /cvs-repository/Zope/lib/python/AccessControl
In directory cvs.zope.org:/tmp/cvs-serv3630/lib/python/AccessControl
Modified Files:
Tag: Zope-2_5-branch
User.py
Log Message:
Collector #88: overlong base64 encoded auth strings could break
decoding (in theory).
=== Zope/lib/python/AccessControl/User.py 1.163.2.4 => 1.163.2.5 ===
if auth and auth.lower().startswith('basic '):
try: name, password=tuple(
- decodestring(auth.split()[-1]).split(':', 1)
+ decodestring(auth.split(' ')[-1]).split(':', 1)
)
except:
raise 'Bad Request', 'Invalid authentication token'