aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/SecurityManager.py (unfollow)
Commit message (Collapse)AuthorFilesLines
2008-11-20Fixed a problem in SecurityManager that caused it to not find theMark Sapiro1-2/+3
cookie when CheckCookie was not given a user and the user in the cookie had a %xx encoded character. Bug # 299220.
2008-11-12Apply Heiko Rommel's patch for hashlib deprecation warnings for bug 293178.Barry Warsaw1-8/+7
I've modified the patch to improve some of the stylistic issues.
2006-07-30Back port Python 2.5 compatibility changes to Mailman 2.1. Specifically,bwarsaw1-9/+11
- In SecurityManager.py, fix the parsecookie() code to work with Python 2.5 generated cookie text. The latter was changed to be more RFC compliant so it does not output trailing semicolons for each line of cookie text. This broke the splitting rules, so now first split on newlines, then on ';\s*'. This should work across all Python versions. - In Python 2.5, exceptions are new-style, and thus are no longer of ClassType. The instantiation type test in hold_for_approval() was too naive. This one is fixed differently here than in the MM trunk because in Python 2.1, 'type' isn't a type, it's a function and so can't be used as the second argument to isinstance() directly. - Raising strings generates deprecation warnings in Python 2.5. Switch the one weird use of this in Utils.py to use a class exception. Don't call it "quick exit" though because it's probably not.
2005-08-27FSF office has moved to 51 Franklin Street.tkikuchi1-1/+1
2004-11-25We have to escape other special characters like '=', so use urllib.tkikuchi1-1/+3
2004-10-09[ 1030228 ] Mass Subscribe address with control character - can't deletetkikuchi1-1/+1
Also, '/' can be used now.
2004-01-03__checkone(): Patch 869644, ignore NotAMemberError that can get raisedbwarsaw1-2/+5
from AuthContextInfo() when old cookie data is for someone no longer a member of the mailing list. Closes SF bug # 869647. Bug and patch by Stephan Berndts.
2003-12-26Authenticate(): When authenticating AuthUser, wrap thebwarsaw1-35/+40
self.authenticateMember() call in a try/except catching and ignoring NotAMemberErrors. The effect of this is that other authcontexts being check will then proceed as normal. This fixes admin login to the private archives, and non-public rosters. Under the old code, if you tried to get into the private archives w/o entering an email address, but using the admin password, you'd be denied access. WebAuthenticate(): Removed the wrapping of .Authenticate() in try/except catching of NotAMemberError, since this should never percolate out now. Also, use True/False everywhere it's appropriate (but not in the cookie code). Original bug and patch by Stephan Berndts. Closes SF bug # 864676 and SF patch # 864674.
2003-02-08Backporting from the trunk.bwarsaw1-12/+26