>
> def user():
>     #TODO validate submitted username
>     if request.args(0) == 'login' and request.post_vars.username:
>         request.post_vars.username = request.vars.username = request.post_vars.username[:-1] # remove last character
>     return dict(form=auth())
>
That doesn't check whether the last character is correct, so 0000012R would succeed, but so would 0000012X or any character at the end of the username.

Anthony
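One way to close the gap described above is to verify the trailing check character before stripping it. This is an added example, not code from the thread or from web2py. The thread does not say how the check character is derived, so `CHECK_LETTERS`, `expected_check_char` and `strip_valid_check_char` are hypothetical names and the mod-23 rule is a constructed stand-in.

```python
# Assumption: usernames are digits followed by one check letter. The real rule
# is not given in the thread; this table and the mod-23 rule are constructed
# so the example runs. Swap expected_check_char() for the real scheme.
CHECK_LETTERS = "ABCDEFGHJKLMNPQRSTUVWXY"  # constructed, 23 letters


def expected_check_char(digits):
    """Check letter for a numeric username body (constructed rule)."""
    return CHECK_LETTERS[int(digits) % len(CHECK_LETTERS)]


def strip_valid_check_char(submitted):
    """Return the username without its check character, or None if the
    input is malformed or the check character does not match."""
    if not isinstance(submitted, str) or len(submitted) < 2:
        return None
    body, check = submitted[:-1], submitted[-1].upper()
    # isascii() keeps out Unicode digits that isdigit() accepts but int() rejects
    if not (body.isascii() and body.isdigit()):
        return None
    if check != expected_check_char(body):
        return None
    return body


# Sketch of the controller from the thread using the helper (web2py objects
# such as request and auth exist only inside a running app, so this is a comment):
#
# def user():
#     if request.args(0) == 'login' and request.post_vars.username:
#         cleaned = strip_valid_check_char(request.post_vars.username)
#         if cleaned is not None:
#             request.post_vars.username = request.vars.username = cleaned
#         # else: leave the value untouched; assuming stored usernames have no
#         # check character, the lookup finds no match and the login fails
#     return dict(form=auth())

if __name__ == "__main__":
    # Constructed sample inputs; under the stand-in rule 12 % 23 maps to "N".
    for sample in ("0000012N", "0000012X", "00a0012N"):
        print(sample, "->", strip_valid_check_char(sample))
```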

