Hi,
I just converted my site from modperl1 to modperl2 and in the process
(actually after deployment) discovered that AuthCookie is handling
the retrieval of the credentials just slightly differently.
It turns out in modperl1, that if a credential had a space in it,
when it was passed to the authen_cred() method, it had a space in
it. However, for modperl2, Apache2::AuthCookie has converted the
space to a + (which is a shorthand encoding).
However, a ligitimate "+" in the credential is also being sent along
as a + to the authen_cred() method, so you can't distinguish the two
cases.
The AuthCookie implementations for getting the credentials out of a
POST are very different between modperl1 (uses $r->content) and
modperl2 (which uses what looks like and old version of the "compat"
routine to fetch POST data). I'm sure the difference lies somewhere
in there.
It looks like it is calling Apache2::URI::unescape_url() as it should
but it just isn't unescaping the +.
The credentials are as submitted by Firefox 1.5 if that matters.
Any clues on how to fix this? I have some customers who will
probably have problems logging in :-(
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
