New submission from Michael Pedersen <rep...@icelus.org>: Stumbled across an odd issue last night: If a username has an exclamation in it, and that username is returned as is from an IIdentifier, then the auth_tkt cookie will be invalid. For instance, if my login were "Pedersen!", the auth_tkt cookie would look like this:
"1234567890123456789012345678901234567890Pedersen!!" When the ticket is parsed later, the username returned from the auth_tkt will be "Pedersen" (since it splits on !). It would be much nicer if the code were to use urllib.quote and urllib.unquote on the returned username to ensure that such oddball characters do not pose a problem ever. I'll probably try to fix this myself this week, but if I don't get the chance, I figured at least having the bug listed here would be a good thing. ---------- messages: 266 nosy: pedersen priority: bug status: unread title: repoze.who Identifier Issue __________________________________ Repoze Bugs <b...@bugs.repoze.org> <http://bugs.repoze.org/issue98> __________________________________ _______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev