[Erp5-report] r12460 - /erp5/trunk/products/ERP5Security/ERP5UserManager.py
nobody at svn.erp5.org
nobody at svn.erp5.org
Tue Jan 30 16:03:49 CET 2007
Author: jerome
Date: Tue Jan 30 16:03:47 2007
New Revision: 12460
URL: http://svn.erp5.org?rev=12460&view=rev
Log:
getUserByLogin can be a problem wrt security
Modified:
erp5/trunk/products/ERP5Security/ERP5UserManager.py
Modified: erp5/trunk/products/ERP5Security/ERP5UserManager.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Security/ERP5UserManager.py?rev=12460&r1=12459&r2=12460&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Security/ERP5UserManager.py (original)
+++ erp5/trunk/products/ERP5Security/ERP5UserManager.py Tue Jan 30 16:03:47 2007
@@ -30,7 +30,7 @@
from ZODB.POSException import ConflictError
import sys
-from zLOG import LOG
+from zLOG import LOG, PROBLEM
try :
from AccessControl.AuthEncoding import pw_validate
@@ -165,10 +165,9 @@
path=self.getPhysicalPath())
def getUserByLogin(self, login):
- """
- Search the Catalog for login and return a list of person objects
- login can be a string or a list of strings
- """
+ # Search the Catalog for login and return a list of person objects
+ # login can be a string or a list of strings
+ # (no docstring to prevent publishing)
if not login:
return []
# because we aren't logged in, we have to create our own
@@ -184,7 +183,7 @@
except ConflictError:
raise
except:
- LOG('ERP5Security', 0, 'getUserByLogin failed', error=sys.exc_info())
+ LOG('ERP5Security', PROBLEM, 'getUserByLogin failed', error=sys.exc_info())
# Here we must raise an exception to prevent calers from caching
# a result of a degraded situation.
# The kind of exception does not matter as long as it's catched by
More information about the Erp5-report
mailing list