From: Peter Valian (valianp@southwestern.edu)
Date: Fri Aug 31 2001 - 12:01:04 CDT
Hmmm...something sure isn't right there. the plus should not be getting
encoded as a "+" in the URL encoding.
Thanks for bringing this to my attention steve. I will look into this.
Also, as todd mentioned Im working on NetReg 1.3...this will be a bug
fix release and some requests for enhancements. Primarily this will fix
the leases parser to work with the latest DHCP server.
If anyone has anymore bug fixes or is just aware of a bug, please let me
know asap.
thanks,
peter
Steve Hideg wrote:
> Folks,
>
> I've discovered an interesting bug in the netreg 1.2 code. I don't know
> if this has already been discussed or addressed, but I'll proceed to
> explain it below.
>
> In the subroutine get_input, there's the following line:
>
> $value =~ tr/+/ /;
>
> This line is part of some cleanup code to undo the conversion web
> browsers do to handle spaces in URLs. Web browsers change all spaces to
> "+" characters, and this line converts them back to spaces.
>
> I've run across a couple of instances where users had a "+" character in
> their passwords. The result is a modification of their password to
> include a space instead of "+", and authentication failure.
>
> To repair this, I've replaced the above line with the following:
>
> if($name ne 'pass')
> {$value =~ tr/+/ /;}
>
> This will undo the browser conversion on every parameter except the
> password parameter.
>
> Again, I don't know if this is an issue for anyone, or if it has been
> addressed already, but this is my solution.
>
> ++Steve
>
> _________________________________________________________________________
> Steve Hideg
> Technical Support Specialist, Saint Mary's College, Notre Dame IN
> <hideg@saintmarys.edu>
> _________________________________________________________________________
> "That's the sort of thing up with which we must not put." --W. Churchill
> **********************************************************************
> To unsubscribe from this list, send an e-mail message to
> majordomo@southwestern.edu containing a single line with the words:
> unsubscribe netreg
> Send requests for assistance to: owner-netreg@southwestern.edu
> **********************************************************************
-- Peter Valian Network & Systems Administrator Southwestern University Georgetown, Texas 512.863.1586 office 512.863.1605 fax --********************************************************************** To unsubscribe from this list, send an e-mail message to majordomo@southwestern.edu containing a single line with the words: unsubscribe netreg Send requests for assistance to: owner-netreg@southwestern.edu **********************************************************************
This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:36 CDT