Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Middleware::Auth::Basic bug with password containing colon #319

Closed
mcholste opened this Issue · 2 comments

2 participants

@mcholste

Plack/Middleware/Auth/Basic.pm line 28:
my($user, $pass) = split /:/, (MIME::Base64::decode($1) || ":");
A password containing a colon passed from the user will set $pass to just the characters until the first colon.
Fix:
my($user, @pass) = split /:/, (MIME::Base64::decode($1) || ":");
my $pass = join(':', @pass);

Or you could of course put in a regex.

@miyagawa
Owner

Or you could of course put in a regex.

No, split takes its 3rd argument to stop splitting, so you can just pass 2 there.

@miyagawa miyagawa closed this in 07f70b1
@mcholste

Beautiful, thanks!

@miyagawa miyagawa referenced this issue from a commit
@miyagawa miyagawa Checking in changes prior to tagging of version 1.0003.
Changelog diff is:

diff --git a/Changes b/Changes
index d1144bf..3509cf7 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,11 @@
 Go to http://github.com/plack/Plack/issues for the roadmap and known issues.

+1.0003  Wed Aug 29 13:44:53 PDT 2012
+    [BUG FIXES]
+        - Fix Basic authentication error in case password contains a colon #319
+        - Fix AccessLog middleware in platforms where %z strftime is not supported #318
+        - Escape $_ in Plack::Request path method due to a possible URI::Escape bug
+
 1.0002  Mon Aug 13 17:04:25 PDT 2012
     [NEW FEATURES]
         - Added --no-default-middleware option to plackup #290
f5204d7
@miyagawa miyagawa referenced this issue from a commit
@miyagawa miyagawa Checking in changes prior to tagging of version 1.0004.
Changelog diff is:

diff --git a/Changes b/Changes
index 3509cf7..acbb0ef 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,13 @@
 Go to http://github.com/plack/Plack/issues for the roadmap and known issues.

+1.0004  Thu Sep 20 08:36:11 JST 2012
+    [NEW FEATURES]
+        - Added psgix.harakiri support in HTTP::Server::PSGI
+
+    [IMPROVEMENTS]
+        - Preload TempBuffer modules (avar)
+        - Documentation fixes (autarch)
+
 1.0003  Wed Aug 29 13:44:53 PDT 2012
     [BUG FIXES]
         - Fix Basic authentication error in case password contains a colon #319
18920be
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.