From f0d392172bb2400927948004d2dc66c264ca2aa5 Mon Sep 17 00:00:00 2001
From: Mark Sapiro <mark@msapiro.net>
Date: Thu, 20 Nov 2008 13:08:31 -0800
Subject: Fixed a problem in SecurityManager that caused it to not find the
 cookie when CheckCookie was not given a user and the user in the cookie had a
 %xx encoded character.  Bug # 299220.

---
 Mailman/SecurityManager.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'Mailman/SecurityManager.py')

diff --git a/Mailman/SecurityManager.py b/Mailman/SecurityManager.py
index 01610b43..572018e2 100644
--- a/Mailman/SecurityManager.py
+++ b/Mailman/SecurityManager.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2006 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2008 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -299,7 +299,8 @@ class SecurityManager:
                         usernames.append(k[len(prefix):])
             # If any check out, we're golden.  Note: `@'s are no longer legal
             # values in cookie keys.
-            for user in [Utils.UnobscureEmail(u) for u in usernames]:
+            for user in [Utils.UnobscureEmail(urllib.unquote(u))
+                         for u in usernames]:
                 ok = self.__checkone(c, authcontext, user)
                 if ok:
                     return True
-- 
cgit v1.2.3