diff options
author | Mark Sapiro <msapiro@value.net> | 2011-05-09 18:34:07 -0700 |
---|---|---|
committer | Mark Sapiro <msapiro@value.net> | 2011-05-09 18:34:07 -0700 |
commit | 168f74f5b381070879789f8b6c4e4ee8b599dbd6 (patch) | |
tree | ff7e7aa77da017de17c03b29c242ee448acecc24 /Mailman/Cgi | |
parent | 68c8d57f95b53ed2dc204bf0ee617c650df00c9a (diff) | |
download | mailman2-168f74f5b381070879789f8b6c4e4ee8b599dbd6.tar.gz mailman2-168f74f5b381070879789f8b6c4e4ee8b599dbd6.tar.xz mailman2-168f74f5b381070879789f8b6c4e4ee8b599dbd6.zip |
Prevented setting user passwords with leading/trailing whitespace. Bug #778088.
Diffstat (limited to 'Mailman/Cgi')
-rw-r--r-- | Mailman/Cgi/options.py | 6 | ||||
-rw-r--r-- | Mailman/Cgi/roster.py | 6 | ||||
-rw-r--r-- | Mailman/Cgi/subscribe.py | 8 |
3 files changed, 10 insertions, 10 deletions
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py index 6841ae64..6316af6e 100644 --- a/Mailman/Cgi/options.py +++ b/Mailman/Cgi/options.py @@ -1,4 +1,4 @@ -# Copyright (C) 1998-2010 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2011 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -434,8 +434,8 @@ address. Upon confirmation, any other mailing list containing the address options_page(mlist, doc, user, cpuser, userlang) print doc.Format() return - newpw = cgidata.getvalue('newpw') - confirmpw = cgidata.getvalue('confpw') + newpw = cgidata.getvalue('newpw', '').strip() + confirmpw = cgidata.getvalue('confpw', '').strip() if not newpw or not confirmpw: options_page(mlist, doc, user, cpuser, userlang, _('Passwords may not be blank')) diff --git a/Mailman/Cgi/roster.py b/Mailman/Cgi/roster.py index d31608ff..6260c973 100644 --- a/Mailman/Cgi/roster.py +++ b/Mailman/Cgi/roster.py @@ -1,4 +1,4 @@ -# Copyright (C) 1998-2008 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2011 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -73,8 +73,8 @@ def main(): # "admin"-only, then we try to cookie authenticate the user, and failing # that, we check roster-email and roster-pw fields for a valid password. # (also allowed: the list moderator, the list admin, and the site admin). - password = cgidata.getvalue('roster-pw', '') - addr = cgidata.getvalue('roster-email', '') + password = cgidata.getvalue('roster-pw', '').strip() + addr = cgidata.getvalue('roster-email', '').strip() list_hidden = (not mlist.WebAuthenticate((mm_cfg.AuthUser,), password, addr) and mlist.WebAuthenticate((mm_cfg.AuthListModerator, diff --git a/Mailman/Cgi/subscribe.py b/Mailman/Cgi/subscribe.py index 0d10eb19..7c49c51c 100644 --- a/Mailman/Cgi/subscribe.py +++ b/Mailman/Cgi/subscribe.py @@ -125,12 +125,12 @@ def process_form(mlist, doc, cgidata, lang): syslog('mischief', 'Attempt to self subscribe %s: %s', email, remote) results.append(_('You may not subscribe a list to itself!')) # If the user did not supply a password, generate one for him - password = cgidata.getvalue('pw') - confirmed = cgidata.getvalue('pw-conf') + password = cgidata.getvalue('pw', '').strip() + confirmed = cgidata.getvalue('pw-conf', '').strip() - if password is None and confirmed is None: + if not password and not confirmed: password = Utils.MakeRandomPassword() - elif password is None or confirmed is None: + elif not password or not confirmed: results.append(_('If you supply a password, you must confirm it.')) elif password <> confirmed: results.append(_('Your passwords did not match.')) |