[Mailman-Developers] fix for private archives mechanism

Ken Manheimer klm@python.org
Thu, 3 Sep 1998 22:51:23 -0400 (EDT)


Someone noticed that invalid passwords were being accepted for access
to private archives.  I tracked down the problem, and see that this
problem applies to 1.0b4 and also 1.0b5 (we're still at 1.0b4 on
python.org).  Any of you running those versions of mailman with a
private archive should apply this patch to private.py (in
Mailman/Cgi/private.py in 1.0b5, and in scripts/private.py in 1.0b4).
You may have to apply it by hand in 1.0b4 - it shouldn't be hard, just
look for the exception line.

Ken Manheimer		  klm@python.org	    703 620-8990 x268
	    (orporation for National Research |nitiatives

	# If you appreciate Python, consider joining the PSA! #
		  # <http://www.python.org/psa/>. #

Index: private.py
===================================================================
RCS file: /projects/cvsroot/mailman/Mailman/Cgi/private.py,v
retrieving revision 1.4
retrieving revision 1.5
diff -c -r1.4 -r1.5
*** private.py	1998/07/11 23:19:08	1.4
--- private.py	1998/09/04 02:44:44	1.5
***************
*** 148,154 ****
      try:
  	listobj.ConfirmUserPassword( username, password)
      except (Errors.MMBadUserError, Errors.MMBadPasswordError): 
! 	return 1
  
      import base64, md5
      token = md5.new(SECRET + list_name + SECRET).digest()
--- 148,154 ----
      try:
  	listobj.ConfirmUserPassword( username, password)
      except (Errors.MMBadUserError, Errors.MMBadPasswordError): 
! 	return 0
  
      import base64, md5
      token = md5.new(SECRET + list_name + SECRET).digest()