[Mailman-Developers] mass subscribe bug
John Viega
viega@list.org
Sat, 13 Jun 1998 22:43:50 -0700
On Sat, Jun 13, 1998 at 11:41:16PM -0500, The Dragon De Monsyne wrote:
>
> I'm afraid I know little of cookies, but if it's a problem of
> http escaping, I DO know that base64 will produce charecters that will
> need escaping. There is a module for the apache webserver that generates
> unique ID's for hits, and it encodes the binary ID using a _modified_
> version of base64-encoding for this reason.
Well, cookies are handled in mime headers. So they don't have the
same escaping problems as html. However, I think you did hit the
problem. It occurs to me that ';' has special meaning on the mime
line. So we'd still have this problem w/ plaintext when people have a
';' in their password. My guess is that things are blowing up when
the base64 outputs a semicolon. IIRC, the only special chars to the
right of the colon should be the semi-colon, and the end of line.
But, we should find out for sure, and guard against it...
John