[Mailman-Developers] fix for private archives mechanism
Ken Manheimer
klm@python.org
Thu, 3 Sep 1998 22:51:23 -0400 (EDT)
Someone noticed that invalid passwords were being accepted for access
to private archives. I tracked down the problem, and see that this
problem applies to 1.0b4 and also 1.0b5 (we're still at 1.0b4 on
python.org). Any of you running those versions of mailman with a
private archive should apply this patch to private.py (in
Mailman/Cgi/private.py in 1.0b5, and in scripts/private.py in 1.0b4).
You may have to apply it by hand in 1.0b4 - it shouldn't be hard, just
look for the exception line.
Ken Manheimer klm@python.org 703 620-8990 x268
(orporation for National Research |nitiatives
# If you appreciate Python, consider joining the PSA! #
# <http://www.python.org/psa/>. #
Index: private.py
===================================================================
RCS file: /projects/cvsroot/mailman/Mailman/Cgi/private.py,v
retrieving revision 1.4
retrieving revision 1.5
diff -c -r1.4 -r1.5
*** private.py 1998/07/11 23:19:08 1.4
--- private.py 1998/09/04 02:44:44 1.5
***************
*** 148,154 ****
try:
listobj.ConfirmUserPassword( username, password)
except (Errors.MMBadUserError, Errors.MMBadPasswordError):
! return 1
import base64, md5
token = md5.new(SECRET + list_name + SECRET).digest()
--- 148,154 ----
try:
listobj.ConfirmUserPassword( username, password)
except (Errors.MMBadUserError, Errors.MMBadPasswordError):
! return 0
import base64, md5
token = md5.new(SECRET + list_name + SECRET).digest()