[Zope-CMF] Bug w/patch in register method

Chris Withers chrisw@nipltd.com
Sun, 08 Jul 2001 14:47:11 +0100


This is a multi-part message in MIME format.
--------------1F287786B263E744CA1B438F
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

The attached fix cleans up some urls and fixes some url quoting problems in the
process in the register method of CMFDefault.

Also, should the registered method really contain a url which has both the
username and password of a newly generated member in it? Seems like a bit of a
security hole to me :-S

cheers,

Chris
--------------1F287786B263E744CA1B438F
Content-Type: text/plain; charset=us-ascii;
 name="register.py.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="register.py.patch"

--- register.py.original	Fri Jun 29 15:48:40 2001
+++ register.py	Sun Jul 08 13:01:35 2001
@@ -9,10 +9,10 @@
 if not portal_properties.validate_email:
   failMessage = portal_registration.testPasswordValidity(password, confirm)
   if failMessage:
-      return REQUEST.RESPONSE.redirect(context.absolute_url() +'/join_form?error=%s' % (failMessage))
+      return context.join_form(context,REQUEST,error=failMessage)
 failMessage = portal_registration.testPropertiesValidity(REQUEST)
 if failMessage:
-    return REQUEST.RESPONSE.redirect(context.absolute_url() +'/join_form?error=%s' % (failMessage))
+    return context.join_form(context,REQUEST,error=failMessage)
 else:
     password=REQUEST.get('password') or portal_registration.generatePassword()
     portal_registration.addMember(REQUEST['username'], password, properties=REQUEST)

--------------1F287786B263E744CA1B438F--