From: helge Date: Fri, 14 Sep 2007 10:38:57 +0000 (+0000) Subject: changed to be more tolerant about cookie processing (OGo #1911) X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b208944cf36cfbcfa8198457ee72409caf3efd63;p=sope changed to be more tolerant about cookie processing (OGo #1911) git-svn-id: http://svn.opengroupware.org/SOPE/trunk@1538 e4a50df8-12e2-0310-a44c-efbce7f8a7e3 --- diff --git a/sope-appserver/NGObjWeb/ChangeLog b/sope-appserver/NGObjWeb/ChangeLog index 6a0daf17..ee71d66a 100644 --- a/sope-appserver/NGObjWeb/ChangeLog +++ b/sope-appserver/NGObjWeb/ChangeLog @@ -1,7 +1,13 @@ +2007-09-14 Helge Hess + + * SoObjects/SoHTTPAuthenticator.m, SoCookieAuthenticator.m: be more + tolerant about the formatting of 'basic' auth credentials (wrt OGo + bug #1911) (v4.7.15) + 2007-08-29 Helge Hess * WEClientCapabilities.m: added CookComputing XML-RPC.NET as a known - user-agent (fixes OGo buf #1910) (v4.7.14) + user-agent (fixes OGo bug #1910) (v4.7.14) 2007-06-29 Adam Williams diff --git a/sope-appserver/NGObjWeb/SoObjects/SoCookieAuthenticator.m b/sope-appserver/NGObjWeb/SoObjects/SoCookieAuthenticator.m index 6d10db58..7eba654d 100644 --- a/sope-appserver/NGObjWeb/SoObjects/SoCookieAuthenticator.m +++ b/sope-appserver/NGObjWeb/SoObjects/SoCookieAuthenticator.m @@ -1,5 +1,5 @@ /* - Copyright (C) 2006 Helge Hess + Copyright (C) 2006-2007 Helge Hess This file is part of SOPE. @@ -28,7 +28,6 @@ #include #include #include -#include #include #include "common.h" @@ -216,7 +215,11 @@ static NSString *prefix = @"0xHIGHFLYx"; inContext:_ctx]; } - k = [auth substringFromIndex:6]; + /* + Should be 'basic ' (basic + space), but lets be tolerant and allow an + arbitary amount of leading spaces. + */ + k = [[auth substringFromIndex:5] stringByTrimmingLeadWhiteSpaces]; if ((k = [k stringByDecodingBase64]) == nil) { [self logWithFormat:@"tried unknown authentication method: %@ (C)", auth]; return [self unauthorized:@"unsupported authentication method" diff --git a/sope-appserver/NGObjWeb/SoObjects/SoHTTPAuthenticator.m b/sope-appserver/NGObjWeb/SoObjects/SoHTTPAuthenticator.m index d29066b7..34bb5d44 100644 --- a/sope-appserver/NGObjWeb/SoObjects/SoHTTPAuthenticator.m +++ b/sope-appserver/NGObjWeb/SoObjects/SoHTTPAuthenticator.m @@ -1,7 +1,6 @@ /* - Copyright (C) - 2002-2006 SKYRIX Software AG - 2006 Helge Hess + Copyright (C) 2002-2007 SKYRIX Software AG + Copyright (C) 2006-2007 Helge Hess This file is part of SOPE. @@ -94,7 +93,11 @@ return nil; } - k = [_creds substringFromIndex:6]; + /* + Should be 'basic ' (basic + space), but lets be tolerant and allow an + arbitary amount of leading spaces. + */ + k = [[_creds substringFromIndex:5] stringByTrimmingLeadWhiteSpaces]; k = [k stringByDecodingBase64]; if (k == nil) return nil; @@ -235,7 +238,11 @@ inContext:_ctx]; } - k = [auth substringFromIndex:6]; + /* + Should be 'basic ' (basic + space), but lets be tolerant and allow an + arbitary amount of leading spaces. + */ + k = [[auth substringFromIndex:5] stringByTrimmingLeadWhiteSpaces]; if ((k = [k stringByDecodingBase64]) == nil) { [self logWithFormat:@"tried unknown authentication method: %@ (C)", auth]; return [self unauthorized:@"unsupported authentication method" diff --git a/sope-appserver/NGObjWeb/Version b/sope-appserver/NGObjWeb/Version index ae72b0bb..f094a8aa 100644 --- a/sope-appserver/NGObjWeb/Version +++ b/sope-appserver/NGObjWeb/Version @@ -1,6 +1,6 @@ # version file -SUBMINOR_VERSION:=14 +SUBMINOR_VERSION:=15 # v4.7.11 requires libNGExtensions v4.7.194 # v4.5.234 requires libDOM v4.5.21