CookieError on addresses with plus and/or equal signs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman |
Fix Released
|
Medium
|
Unassigned |
Bug Description
The Web/CGI interface to mailmain allows the user to
set addresses where the "name" part includes "+" and
"=" chars, but chokes afterwards when trying to log in
again with such addresses (which are, I think,
perfectly fine).
For example, I registererd to the mod_python list as
<email address hidden>; after a while I changed it to
<email address hidden>, which worked all right.
But trying to access the web interface brings:
Bug in Mailman version 2.1.4
We're sorry, we hit a bug!
If you would like to help us identify the problem,
please email a copy of this page to the webmaster for
this site with a description of what happened. Thanks!
Traceback:
Traceback (most recent call last):
File "/var/mailman/
main()
File "/var/mailman/
in main
password, user):
File "/var/mailman/
226, in WebAuthenticate
print self.MakeCookie(ac, user)
File "/var/mailman/
240, in MakeCookie
c[key] = binascii.
File "/usr/lib/
__setitem__
self.__set(key, rval, cval)
File "/usr/lib/
M.set(key, real_value, coded_value)
File "/usr/lib/
raise CookieError(
CookieError: Illegal key value:
mod_python+
[etc, etc]
[http://
I've just fixed this in CVS (Release_ 2_1-maint) .
SecurityManager.py revision 2.20.2.5