[Zope-CMF] registrationtool.py allows illegal member names

Norbert Marrale norbert@attira.com
Fri, 24 Aug 2001 14:37:17 +0200 

What gives? 

All of these are seemingly valid, only a space as the first character 
returns a 0 in isMemberIDAllowed

http://www.attira.net/home/logged_in?__ac_name=spacer%20&__ac_pa
ssword=

http://www.attira.net/home/logged_in?__ac_name=some%20name&__a
c_password= 

likewise: illegal characters are not filtered out but passed to the tool, 
which subsequently chokes on it and returns an attribute error:

user name: "monkey'around" produces


Traceback (innermost last):
  File /usr/local/zope/lib/python/ZPublisher/Publish.py, line 223, in 
publish_module
  File /usr/local/zope/lib/python/ZPublisher/Publish.py, line 187, in 
publish
  File /usr/local/zope/lib/python/Zope/__init__.py, line 221, in 
zpublisher_exception_hook
    (Object: Traversable)
  File /usr/local/zope/lib/python/ZPublisher/Publish.py, line 171, in 
publish
  File /usr/local/zope/lib/python/ZPublisher/mapply.py, line 160, in 
mapply
    (Object: register)
  File /usr/local/zope/lib/python/ZPublisher/Publish.py, line 112, in 
call_object
    (Object: register)
  File /usr/local/zope/lib/python/Shared/DC/Scripts/Bindings.py, line 
324, in __call__
    (Object: register)
  File /usr/local/zope/lib/python/Shared/DC/Scripts/Bindings.py, line 
354, in _bindAndExec
    (Object: register)
  File /usr/local/zope/lib/python/Products/CMFCore/FSPythonScript.py, 
line 187, in _exec
    (Object: register)
    (Info: ({'script': <FSPythonScript instance at 8fe0980>, 'context': 
<CMFSite instance at 8fd99e0>, 'container': <CMFSite instance 
at 8fd99e0>, '_': <TemplateDict object at 0x915d660>, 
'traverse_subpath': []}, ('password', 'confirm'), {}, ('password', 'confirm')))
  File Script (Python), line 17, in register
  File /usr/local/zope/lib/python/Products/CMFCore/RegistrationTool.py, 
line 188, in addMember
    (Object: portal_registration)
  File 
/usr/local/zope/lib/python/Products/CMFDefault/MembershipTool.py, 
line 158, in addMember
    (Object: portal_membership)
  File /usr/local/zope/lib/python/Products/CMFCore/MembershipTool.py, 
line 458, in addMember
    (Object: portal_membership)
AttributeError: (see above)



On the Road of Life, 
there are Tourists and there are Travelers.
I'd rather be Traveling!

Norbert Marrale
norbert@infocatch.com