[Zope-Checkins] CVS: Zope/lib/python/AccessControl - User.py:1.152.4.3
Andreas Jung
andreas@zope.com
Thu, 13 Dec 2001 09:19:33 -0500
Update of /cvs-repository/Zope/lib/python/AccessControl
In directory cvs.zope.org:/tmp/cvs-serv6092/lib/python/AccessControl
Modified Files:
Tag: Zope-2_4-branch
User.py
Log Message:
Collector #88: overlong base64 encoded strings could break Zope (in theory)
=== Zope/lib/python/AccessControl/User.py 1.152.4.2 => 1.152.4.3 ===
if auth and lower(auth[:6])=='basic ':
try: name, password=tuple(split(decodestring(
- split(auth)[-1]), ':', 1))
+ split(auth,' ')[-1]), ':', 1))
except:
raise 'Bad Request', 'Invalid authentication token'
return name, password