Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Z
Zope
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
Zope
Commits
31e1d384
Commit
31e1d384
authored
Mar 06, 2006
by
Tres Seaver
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Collector #2039: '_authUserPW' choked on passwords containing colons.
parent
bd5f1829
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
74 additions
and
13 deletions
+74
-13
doc/CHANGES.txt
doc/CHANGES.txt
+7
-12
lib/python/ZPublisher/HTTPRequest.py
lib/python/ZPublisher/HTTPRequest.py
+1
-1
lib/python/ZPublisher/tests/testHTTPRequest.py
lib/python/ZPublisher/tests/testHTTPRequest.py
+66
-0
No files found.
doc/CHANGES.txt
View file @
31e1d384
...
...
@@ -6,26 +6,21 @@ Zope Changes
To-do
- Reenable C permission roles by implementing recent Python
changes in C, brining the Python and C implementations back in
sync. See lib/python/AccessControl/PermissionRole.py.
- Add cyclic-garbage collection support to C extension classes,
especially to acquisition wrappers.
- Reenable C Zope security policy by implementing recent Python
changes in C, bringing the Python and C implementations back in
sync. See lib/python/AccessControl/ZopeSecurityPolicy.py.
- Change acquisition wrappers to implement the descr get slot
directly, thus speeding the use of the slot.
- Collector #1233: port ZOPE_CONFIG patch from Zope 2.7 to Zope 2.8
N.B: ExtensionClassType already declares that it supports GC
(via the Py_TPFLAGS_HAVE_GC flag), but does not appear to conform
to the rules for such a type laid out in the Python docs:
http://docs.python.org/api/supporting-cycle-detection.html
After Zope 2.8.6
Bugs fixed
- Collector #2039: 'ZPublisher.HTTPRequest.HTTPRequest._authUserPW'
choked on passwords which contained colons.
- Missing import of NotFound in webdav.Resource.
Zope 2.8.6 (2006/02/25)
...
...
lib/python/ZPublisher/HTTPRequest.py
View file @
31e1d384
...
...
@@ -1333,7 +1333,7 @@ class HTTPRequest(BaseRequest):
if
auth
[:
6
].
lower
()
==
'basic '
:
if
base64
is
None
:
import
base64
[
name
,
password
]
=
\
base64
.
decodestring
(
auth
.
split
()[
-
1
]).
split
(
':'
)
base64
.
decodestring
(
auth
.
split
()[
-
1
]).
split
(
':'
,
1
)
return
name
,
password
def
taintWrapper
(
self
,
enabled
=
TAINTING_ENABLED
):
...
...
lib/python/ZPublisher/tests/testHTTPRequest.py
View file @
31e1d384
import
unittest
from
urllib
import
quote_plus
class
AuthCredentialsTestsa
(
unittest
.
TestCase
):
def
_getTargetClass
(
self
):
from
ZPublisher.HTTPRequest
import
HTTPRequest
return
HTTPRequest
def
_makeOne
(
self
,
stdin
=
None
,
environ
=
None
,
response
=
None
,
clean
=
1
):
if
stdin
is
None
:
from
StringIO
import
StringIO
stdin
=
StringIO
()
if
environ
is
None
:
environ
=
{}
if
'SERVER_NAME'
not
in
environ
:
environ
[
'SERVER_NAME'
]
=
'http://localhost'
if
'SERVER_PORT'
not
in
environ
:
environ
[
'SERVER_PORT'
]
=
'8080'
if
response
is
None
:
class
_FauxResponse
(
object
):
_auth
=
None
response
=
_FauxResponse
()
return
self
.
_getTargetClass
()(
stdin
,
environ
,
response
,
clean
)
def
test__authUserPW_simple
(
self
):
import
base64
user_id
=
'user'
password
=
'password'
encoded
=
base64
.
encodestring
(
'%s:%s'
%
(
user_id
,
password
)
)
auth_header
=
'basic %s'
%
encoded
environ
=
{
'HTTP_AUTHORIZATION'
:
auth_header
}
request
=
self
.
_makeOne
(
environ
=
environ
)
user_id_x
,
password_x
=
request
.
_authUserPW
()
self
.
assertEqual
(
user_id_x
,
user_id
)
self
.
assertEqual
(
password_x
,
password
)
def
test__authUserPW_with_embedded_colon
(
self
):
# http://www.zope.org/Collectors/Zope/2039
import
base64
user_id
=
'user'
password
=
'embedded:colon'
encoded
=
base64
.
encodestring
(
'%s:%s'
%
(
user_id
,
password
)
)
auth_header
=
'basic %s'
%
encoded
environ
=
{
'HTTP_AUTHORIZATION'
:
auth_header
}
request
=
self
.
_makeOne
(
environ
=
environ
)
user_id_x
,
password_x
=
request
.
_authUserPW
()
self
.
assertEqual
(
user_id_x
,
user_id
)
self
.
assertEqual
(
password_x
,
password
)
class
RecordTests
(
unittest
.
TestCase
):
def
test_repr
(
self
):
...
...
@@ -622,6 +687,7 @@ class RequestTests( unittest.TestCase ):
def
test_suite
():
suite
=
unittest
.
TestSuite
()
suite
.
addTest
(
unittest
.
makeSuite
(
AuthCredentialsTestsa
,
'test'
))
suite
.
addTest
(
unittest
.
makeSuite
(
RecordTests
,
'test'
))
suite
.
addTest
(
unittest
.
makeSuite
(
ProcessInputsTests
,
'test'
))
suite
.
addTest
(
unittest
.
makeSuite
(
RequestTests
,
'test'
))
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment