[Mailman-Developers] cookies

Thu, 20 Jul 2000 03:04:53 -0700

> So I've made two changes.  First, I'm using sha instead of md5 to
> generate the hash of password+current_time+expires_time -- I don't
> think this'll make any real difference.  Second, I'm `hexlifying' the
> cookie value.  This guarantees that the value will contain only
> characters [0-9][a-f] so no quoting should be necessary and there will
> be no strange characters to confuse things.

OK, I'm probably missing something again, but this looks completely broken
to me.  unhexlify is using int(c, 16), but there is no such 2-argument
int that I can find in Python 1.5.2.

Barry, the following patch made cookies work again, but they were utterly broken before
this patch, and I don't understand how you could have thought they were
not...so is there a 2-argument int() in some unreleased Python or something?...

*** Utils.py.orig       Thu Jul 20 02:57:17 2000
--- Utils.py    Thu Jul 20 02:57:44 2000
***************
*** 627,631 ****
  def unhexlify(s):
      acc = []
      for i in range(0, len(s), 2):
!         acc.append(chr(int(s[i], 16)*16 + int(s[i+1], 16)))
      return string.join(acc, '')
--- 627,631 ----
  def unhexlify(s):
      acc = []
      for i in range(0, len(s), 2):
!         acc.append(chr(string.atol(s[i], 16)*16 + string.atol(s[i+1], 16)))
      return string.join(acc, '')