On 4/21/20 3:30 AM, Chris Joyce wrote:
> Hi,
> 
> I would like to know how easy it would be to change the name of the user
> cookie?
...
> If someone could let me know, yes it's possible that would be great.
> Actually if someone could say look at this file and that file that would be
> a great help too.


The relevant code is Mailman/SecurityManager.py line 108 which says

            userdata = urllib.quote(Utils.ObscureEmail(user), safe='')

Utils.ObscureEmail(user) is what replaces the '@' in the email address
with '--at--'. I think it would be fine to just change that line to

            userdata = urllib.quote(user, safe='')

This will leave the '@' unchanged in user, but urllib.quote will change
it to %40 which I think is OK. The Cookie name is a 'token' as defined
in RFC 2616, sec 2.2 and allows '%' (but not '@'). The inversion at
lines 318-319 does `Utils.UnobscureEmail(urllib.unquote(u))`.
urllib.unquote will convert %40 back to @ and UnobscureEmail will ignore
the '@', so all should be good.

-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
_______________________________________________
Mailman-Developers mailing list -- mailman-developers@python.org
To unsubscribe send an email to mailman-developers-le...@python.org
https://mail.python.org/mailman3/lists/mailman-developers.python.org/
Mailman FAQ: https://wiki.list.org/x/AgA3

Security Policy: https://wiki.list.org/x/QIA9
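The round trip discussed in the reply above, as an added example that is not part of the original message or of Mailman's code. It assumes Python 3's `urllib.parse.quote`/`unquote` in place of Python 2's `urllib.quote`/`urllib.unquote`, and `obscure_email`/`unobscure_email` are stand-ins written from the message's description of `Utils.ObscureEmail`/`Utils.UnobscureEmail`; the sample addresses are constructed.

```python
from urllib.parse import quote, unquote  # Python 3 stand-ins for urllib.quote/unquote

# RFC 2616 sec 2.2: token = 1*<any CHAR except CTLs or separators>
SEPARATORS = '()<>@,;:\\"/[]?={} \t'

def is_token(s):
    """True if s is a valid RFC 2616 token (usable as a cookie name)."""
    return bool(s) and all(0x20 < ord(c) < 0x7f and c not in SEPARATORS for c in s)

def obscure_email(addr):
    # Stand-in (assumption) for Utils.ObscureEmail: '@' becomes '--at--'
    return addr.replace('@', '--at--')

def unobscure_email(addr):
    # Stand-in (assumption) for Utils.UnobscureEmail: '--at--' becomes '@'
    return addr.replace('--at--', '@')

def userdata_current(user):
    # Shape of the existing line: quote(ObscureEmail(user), safe='')
    return quote(obscure_email(user), safe='')

def userdata_proposed(user):
    # Shape of the suggested line: quote(user, safe='')
    return quote(user, safe='')

def recover(userdata):
    # Shape of the inversion: UnobscureEmail(unquote(u))
    return unobscure_email(unquote(userdata))

# Constructed sample addresses; the last one contains a literal '--at--'.
SAMPLES = ['alice@example.com', 'bob+lists@example.org', 'a--at--b@example.net']

def report():
    """Return (user, scheme, userdata, valid_token, round_trips) for each case."""
    rows = []
    for user in SAMPLES:
        for scheme, fn in (('current', userdata_current),
                           ('proposed', userdata_proposed)):
            data = fn(user)
            rows.append((user, scheme, data, is_token(data), recover(data) == user))
    return rows

if __name__ == '__main__':
    for row in report():
        print(row)
```

Both forms produce a valid token and recover ordinary addresses. Because the inversion still runs the unobscuring step, an address that itself contains the literal `--at--` does not round-trip under either form.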