On Sun, Nov 09, 2003 at 06:02:26PM -0000, [EMAIL PROTECTED] wrote:
>...
> +++ mod_authn_anon.c 9 Nov 2003 18:02:26 -0000 1.4
>...
> - /* Is username is OK and password been filled out (if required) */
> - if ((res == AUTH_USER_FOUND) && ((!conf->mustemail) || strlen(sent_pw)) &&
> - /* does the password look like an email address ? */
> - ((!conf->verifyemail) ||
> - ((strpbrk("@", sent_pw) != NULL) &&
> - (strpbrk(".", sent_pw) != NULL)))) {
> + if ( (res == AUTH_USER_FOUND)
> + && (!conf->mustemail || *sent_pw)
> + && ( !conf->verifyemail
> + || (ap_strchr_c(sent_pw, '@') && ap_strchr_c(sent_pw, '.'))))
> + {
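Review bot: The new `(!conf->mustemail || *sent_pw)` term and both ap_strchr_c() calls dereference sent_pw with no NULL check, while the log call further down still guards it with `sent_pw ? sent_pw : ...`. One of the two is wrong: either sent_pw can be NULL here and the condition needs a `sent_pw != NULL` test up front, or it cannot and the fallback in the log call is dead code. Note also that the verifyemail test only requires an '@' and a '.' somewhere in the string, in any order, so a short comment stating that this is a plausibility check and not address validation would help the next reader.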
That's a rather complicated "if" statement, and you removed the comment.
I'd ask that you leave a comment in there to provide a human-readable
version of that condition.
> if (conf->logemail && ap_is_initial_req(r)) {
> ap_log_rerror(APLOG_MARK, APLOG_INFO, APR_SUCCESS, r,
> - "Anonymous: Passwd <%s> Accepted",
> - sent_pw ? sent_pw : "\'none\'");
> + "Anonymous: Passwd <%s> Accepted",
> + sent_pw ? sent_pw : "\'none\'");
> }
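Review bot: sent_pw is client-supplied and reaches the `%s` in this ap_log_rerror() call unmodified, so a value containing CR/LF or other control characters can break the entry across lines or make the error log show entries that were never written by the server. The change as shown only re-indents the two argument lines; while touching them, pass an escaped copy of sent_pw (control characters and backslashes rendered as visible escapes) instead of the raw string.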
Hmm. This is taking input from the request and dropping it right into the
log. I don't recall what our policy is around there. Do we need to escape
it in any way? (e.g. remove newlines)
Cheers,
-g
--
Greg Stein, http://www.lyra.org/
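The escaping asked about above ("e.g. remove newlines"), as an added example that is not part of this message or of httpd: `escape_for_log` and `format_anon_log` are hypothetical helper names, plain libc is used instead of APR pools, and the sample password is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not an httpd API): return a malloc'd copy of `in`
 * in which backslashes, control bytes and non-ASCII bytes are rendered as
 * visible escapes, so the value cannot start a new log line. A NULL input
 * becomes 'none', like the fallback in the patch. Caller frees. */
char *escape_for_log(const char *in)
{
    static const char hex[] = "0123456789abcdef";
    size_t i, n, o = 0;
    char *out;

    if (in == NULL) in = "'none'";
    n = strlen(in);
    out = malloc(n * 4 + 1);            /* worst case: every byte -> \xHH */
    if (out == NULL) return NULL;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)in[i];
        char two = 0;
        if (c == '\\') two = '\\';
        else if (c == '\n') two = 'n';
        else if (c == '\r') two = 'r';
        else if (c == '\t') two = 't';
        if (two) {
            out[o++] = '\\'; out[o++] = two;
        } else if (c < 0x20 || c >= 0x7f) {
            out[o++] = '\\'; out[o++] = 'x';
            out[o++] = hex[c >> 4]; out[o++] = hex[c & 15];
        } else {
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return out;
}

/* Build the message from the hunk with the escaped value. */
int format_anon_log(char *buf, size_t len, const char *sent_pw)
{
    char *safe = escape_for_log(sent_pw);
    int n;
    if (safe == NULL) return -1;
    n = snprintf(buf, len, "Anonymous: Passwd <%s> Accepted", safe);
    free(safe);
    return n;
}
```

With this in place, a submitted value that embeds a line break stays on one log line, and the reader of the log sees the literal `\r\n` that was sent.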