[pydotorg-www] Editing LocalUserGroups

Xavier Combelle xavier.combelle at gmail.com
Thu Nov 10 05:44:20 EST 2016


looks like a byte/unicode problem

I have little idea about the truncation, but for the TypeError, it looks like
safe_str_equal seems to be the buggy one. It is also a lot of overkill, as it
is very unlikely that someone would want to make a timing attack on a captcha.

So I would suggest, as a quick fix, replacing safe_str_equal with a classic ==.

A long-term improvement would be to log the full stack trace on all
exceptions.


On 10/11/2016 at 10:42, M.-A. Lemburg wrote:
> I checked the logs. They are full of entries like these:
>
> [Thu Nov 10 08:06:36 2016] [error] 2016-11-10 08:06:36,257 INFO
> MoinMoin.security.textcha:159 TextCha: failure (u='x.x.x.x', a='van',
> re='[Never match for cheaters]', q='What is van Rossum's fir',
> rsn='TypeError during signature check')
>
> Here's the associated code:
>
> http://hg.moinmo.in/moin/1.9/file/561b7a9c2bd9/MoinMoin/security/textcha.py#l129
>
> What's strange is the truncated question and the TypeError.
>
> I've put Thomas Waldmann on CC. Perhaps he can add some more
> insights.
>
> Thomas: I have upgraded the moin installation to 1.9.9 and
> we're getting lots of textcha errors since then. Questions
> get truncated and TypeErrors appear to prevent any textcha
> from succeeding, it seems.
>
> Any ideas ?
>
> Thanks,
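
Added example, not part of this thread and not MoinMoin's code: a sketch of how a bytes/text mismatch in a constant-time comparison turns every signature check into a logged failure, and how normalising both operands keeps the constant-time check while logging the full traceback. Python 3's `hmac.compare_digest` stands in for `safe_str_equal`; the secret, question and all function names are constructed assumptions.

```python
import hashlib
import hmac
import logging

log = logging.getLogger("textcha_example")  # hypothetical logger name
SECRET = b"constructed-demo-secret"  # constructed value, not a real key


def sign(question: str) -> bytes:
    """Hex HMAC-SHA256 of the question, returned as bytes."""
    digest = hmac.new(SECRET, question.encode("utf-8"), hashlib.sha256).hexdigest()
    return digest.encode("ascii")


def verify_fragile(question: str, submitted_sig) -> bool:
    """Fails closed on a type mismatch and hides the cause behind one log line."""
    try:
        # compare_digest raises TypeError when one operand is bytes and the other str.
        return hmac.compare_digest(sign(question), submitted_sig)
    except TypeError:
        log.info("TextCha: failure (rsn='TypeError during signature check')")
        return False


def to_bytes(value) -> bytes:
    """Normalise text or bytes to bytes so both operands share one type."""
    return value.encode("utf-8") if isinstance(value, str) else bytes(value)


def verify_normalised(question: str, submitted_sig) -> bool:
    """Constant-time check that accepts the signature as str or bytes."""
    try:
        return hmac.compare_digest(sign(question), to_bytes(submitted_sig))
    except Exception:
        # log.exception records the full stack trace, not just the exception name.
        log.exception("TextCha: signature check error")
        return False


# Constructed sample: a form field round-trips the signature as text.
QUESTION = "Constructed sample question: 2 + 2 = ?"
SIG_AS_TEXT = sign(QUESTION).decode("ascii")

if __name__ == "__main__":
    print("fragile, text signature:   ", verify_fragile(QUESTION, SIG_AS_TEXT))
    print("normalised, text signature:", verify_normalised(QUESTION, SIG_AS_TEXT))
```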



