[ mailman-Patches-869644 ] Fix: Error accessing priv. roster/arch w/ non-member address

SourceForge.net noreply at sourceforge.net
Fri Jan 2 20:15:34 EST 2004


Patches item #869644, was opened at 2004-01-02 18:45
Message generated for change (Comment added) made by bwarsaw
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=300103&aid=869644&group_id=103

Category: Web UI
Group: Mailman 2.1
>Status: Closed
>Resolution: Accepted
Priority: 5
Submitted By: Stephan Berndts (berndts)
Assigned to: Barry A. Warsaw (bwarsaw)
Summary: Fix: Error accessing priv. roster/arch w/ non-member address

Initial Comment:
Mailman 2.1.4 is producing a bug if one tries to login to a private 
roster or archive with an email address which is not a member of 
the respective mailing list.

This patch solves the problem.

----------------------------------------------------------------------

>Comment By: Barry A. Warsaw (bwarsaw)
Date: 2004-01-02 20:15

Message:
Logged In: YES 
user_id=12800

Someone I downloaded an older SecurityManager.py.patch.  I
grabbed it again and now see what you're talking about. 
Here's one way the bug can be manifest: if you were a member
when you logged in to read the archives, but got
subsequently removed before your cookie expired (i.e. your
browser exited).  Is there another way this crash can happen?

----------------------------------------------------------------------

Comment By: Stephan Berndts (berndts)
Date: 2004-01-02 19:09

Message:
Logged In: YES 
user_id=129854

That's a completely different position in the file!? I am in function 
__checkone, not in Authenticate.
Your comment does not match my patch :)

----------------------------------------------------------------------

Comment By: Barry A. Warsaw (bwarsaw)
Date: 2004-01-02 19:02

Message:
Logged In: YES 
user_id=12800

Are you sure you're looking at version 2.20.2.2 of
SecurityManager.py?  Here's what the AuthUser clause looks like:

            elif ac == mm_cfg.AuthUser:
                if user is not None:
                    try:
                        if self.authenticateMember(user,
response):
                            return ac
                    except Errors.NotAMemberError:
                        pass

This doesn't match patch the patch, so I'm wondering if your
files are out of date?


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=300103&aid=869644&group_id=103



More information about the Mailman-coders mailing list