httpd-dev mailing list archives

From Greg Stein <gst...@lyra.org>
Subject Re: cvs commit: httpd-2.0/modules/aaa mod_authn_anon.c
Date Sun, 09 Nov 2003 19:41:07 GMT
On Sun, Nov 09, 2003 at 06:02:26PM -0000, nd@apache.org wrote:
>...
>   +++ mod_authn_anon.c	9 Nov 2003 18:02:26 -0000	1.4
>...
>   -    /* Is username is OK and password been filled out (if required) */
>   -    if ((res == AUTH_USER_FOUND) && ((!conf->mustemail) || strlen(sent_pw))
&&
>   -        /* does the password look like an email address ? */
>   -        ((!conf->verifyemail) ||
>   -          ((strpbrk("@", sent_pw) != NULL) && 
>   -           (strpbrk(".", sent_pw) != NULL)))) {
>   +    if (   (res == AUTH_USER_FOUND)
>   +        && (!conf->mustemail || *sent_pw)
>   +        && (   !conf->verifyemail
>   +            || (ap_strchr_c(sent_pw, '@') && ap_strchr_c(sent_pw, '.'))))
>   +    {
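Review bot: The verifyemail test on the `+` lines only requires that '@' and '.' each occur somewhere in sent_pw, in any order, so a value such as ".@" or "x.y@" satisfies it. If the intent is still "does the password look like an email address", keep the pointer returned by ap_strchr_c(sent_pw, '@') and search for the '.' from there, and put a one-line comment above the condition saying what is being accepted, since the two comments on the `-` lines are gone. The condition also evaluates *sent_pw without a NULL check, while the log call further down still tests `sent_pw ? sent_pw : ...`; one of the two assumptions should go.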

That's a rather complicated "if" statement, and you removed the comment.
I'd ask that you leave a comment in there to provide a human-readable
version of that condition.

>            if (conf->logemail && ap_is_initial_req(r)) {
>                ap_log_rerror(APLOG_MARK, APLOG_INFO, APR_SUCCESS, r,
>   -                        "Anonymous: Passwd <%s> Accepted",
>   -                        sent_pw ? sent_pw : "\'none\'");
>   +                          "Anonymous: Passwd <%s> Accepted",
>   +                          sent_pw ? sent_pw : "\'none\'");
>            }
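Review bot: The ap_log_rerror call on the `+` lines formats sent_pw, a client-supplied value, straight into the "Anonymous: Passwd <%s> Accepted" message, and the re-indentation leaves that unchanged. A password containing CR or LF can split the entry and make the remainder read as a separate log line, so escape control characters in sent_pw before it reaches the format string, or confirm that the logging layer does so. The `sent_pw ? ... : "\'none\'"` fallback is worth a second look too, since the `\'` escapes are unnecessary inside a string literal.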

Hmm. This is taking input from the request and dropping it right into the
log. I don't recall what our policy is around there. Do we need to escape
it in any way? (e.g. remove newlines)

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/
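
An added example, not code from the patch or from httpd: one way to do the escaping asked about above before a request-supplied value is written to a log. `escape_log_item` is a hypothetical helper name and the sample password is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not httpd's API): copy `in` to `out`, replacing bytes
 * that could split or corrupt a log line with visible escapes. Bytes >= 0x7f
 * are hex-escaped too, so the log stays plain ASCII. Returns bytes written
 * (excluding the NUL); truncates on a whole-escape boundary. */
size_t escape_log_item(const char *in, char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    size_t n = 0;

    if (outsz == 0)
        return 0;
    if (in == NULL)
        in = "";
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        char buf[4] = { '\\', 0, 0, 0 };
        size_t len = 2;

        if (c == '\n')      buf[1] = 'n';
        else if (c == '\r') buf[1] = 'r';
        else if (c == '\t') buf[1] = 't';
        else if (c == '\\') buf[1] = '\\';
        else if (c < 0x20 || c >= 0x7f) {
            buf[1] = 'x'; buf[2] = hex[c >> 4]; buf[3] = hex[c & 0x0f];
            len = 4;
        } else {
            buf[0] = (char)c;
            len = 1;
        }
        if (n + len >= outsz)   /* keep room for the terminating NUL */
            break;
        memcpy(out + n, buf, len);
        n += len;
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample: a "password" carrying a forged second log line. */
    const char *sent_pw = "a@b.c\n[error] forged entry";
    char safe[128];

    escape_log_item(sent_pw, safe, sizeof safe);
    printf("Anonymous: Passwd <%s> Accepted\n", safe);
    return 0;
}
```

With the sample input the entry stays on one line, with the newline shown as a literal `\n` inside the angle brackets.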
