looks like a byte/unicode problem I have little idea for the truncation but for the TypeError, looks like safe_str_equal seems the buggy one is a lot too much overkill, as it is very unlikely that someone would want to make a timing attack on captcha.
So I would suggest as a quick fix to replace safe_str_equal by a classic == A long term improvement would be to log the full stack trace on all exceptions Le 10/11/2016 à 10:42, M.-A. Lemburg a écrit : > I checked the logs. They are full of entries like these: > > [Thu Nov 10 08:06:36 2016] [error] 2016-11-10 08:06:36,257 INFO > MoinMoin.security.textcha:159 TextCha: failure (u='x.x.x.x', a='van', > re='[Never match for cheaters]', q='What is van Rossum's fir', > rsn='TypeError during signature check') > > Here's the associated code: > > http://hg.moinmo.in/moin/1.9/file/561b7a9c2bd9/MoinMoin/security/textcha.py#l129 > > What's strange is the truncated question and the TypeError. > > I've put Thomas Waldmann on CC. Perhaps he can add some more > insights. > > Thomas: I have upgraded the moin installation to 1.9.9 and > we're getting lots of textcha errors since then. Questions > get truncated and TypeErrors appear to prevent any textcha > from succeeding, it seems. > > Any ideas ? > > Thanks, _______________________________________________ pydotorg-www mailing list pydotorg-www@python.org https://mail.python.org/mailman/listinfo/pydotorg-www