diff options
author | Ian Bicking <ianb@colorstudy.com> | 2010-09-02 02:42:24 -0500 |
---|---|---|
committer | Ian Bicking <ianb@colorstudy.com> | 2010-09-02 02:42:24 -0500 |
commit | 7428650dc1484e426e69002bb4b17cac3f6b8e73 (patch) | |
tree | 07493401e7b30eec9dafc168248a7806554736ad /paste/auth | |
parent | 2f5bbe61d249b3c8884072d33047ad7522dd8068 (diff) | |
download | paste-7428650dc1484e426e69002bb4b17cac3f6b8e73.tar.gz |
A probably incomplete fix for http://trac.pythonpaste.org/pythonpaste/ticket/328 -- quote the path before checking the digest. May not recreate the original quoting, but at least it is more correct than simply appending SCRIPT_NAME and PATH_INFO, which are definitely not quoted.
Diffstat (limited to 'paste/auth')
-rw-r--r-- | paste/auth/digest.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/paste/auth/digest.py b/paste/auth/digest.py index cc2ccfa..e5c81a3 100644 --- a/paste/auth/digest.py +++ b/paste/auth/digest.py @@ -36,6 +36,7 @@ try: except ImportError: from md5 import md5 import time, random +from urllib import quote as url_quote def digest_password(realm, username, password): """ construct the appropriate hashcode needed for HTTP digest """ @@ -90,7 +91,7 @@ class AuthDigestAuthenticator(object): the request returning authenticated user or error. """ method = REQUEST_METHOD(environ) - fullpath = SCRIPT_NAME(environ) + PATH_INFO(environ) + fullpath = urllib.quote(SCRIPT_NAME(environ)) + urllib.quote(PATH_INFO(environ)) authorization = AUTHORIZATION(environ) if not authorization: return self.build_authentication() @@ -200,7 +201,7 @@ def make_digest(app, global_conf, realm, authfunc, **kw): use = egg:Paste#auth_digest realm=myrealm authfunc=somepackage.somemodule:somefunction - + """ from paste.util.import_string import eval_import import types |