[Mailman-Developers] Re: Mailman and cookies.

Barry A. Warsaw barry@zope.com
Fri, 19 Oct 2001 19:24:52 -0400

>>>>> "CVR" == Chuq Von Rospach <chuqui@plaidworks.com> writes:

    CVR> Barry, I think you need to take a look at your cookie code,
    CVR> and look for ways to bullet-proof it. It seems to have some
    CVR> assumptions that I found out the hard way aren't safe.

This patch against Mailman 2.0.6 should be enough to prevent the core
dumps.  If you haven't completed your upgrade yet, can you give it a


-------------------- snip snip --------------------
Index: SecurityManager.py
RCS file: /cvsroot/mailman/mailman/Mailman/SecurityManager.py,v
retrieving revision
diff -u -r1.31.2.1 SecurityManager.py
--- SecurityManager.py	2001/07/25 18:07:51
+++ SecurityManager.py	2001/10/19 23:23:12
@@ -118,7 +118,7 @@
         cookiedata = os.environ.get('HTTP_COOKIE')
         if not cookiedata:
             return 0
-        c = Cookie.Cookie(cookiedata)
+        c = Cookie.Cookie(cookiedata, net_setfunc=lambda x: x)
         if not c.has_key(key):
             return 0
         # Undo the encoding we performed in MakeCookie() above