R-2.6.3

2013-09-15 12:00:13 -05:00 · 2013-09-15 11:51:01 -05:00 · 2013-09-15 11:48:32 -05:00 · 2013-09-15 11:46:46 -05:00 · 2013-09-15 09:40:15 -05:00
5 changed files with 8 additions and 5 deletions
--- a/2
+++ b/2
@@ -30,7 +30,7 @@ update:
 	echo "remember that pymysql was tweaked"
 src:
 	### Use semantic versioning
-	echo 'Version 2.6.2-stable+timestamp.'`date +%Y.%m.%d.%H.%M.%S` > VERSION
+	echo 'Version 2.6.3-stable+timestamp.'`date +%Y.%m.%d.%H.%M.%S` > VERSION
 	### rm -f all junk files
 	make clean
 	### clean up baisc apps
--- a/2
+++ b/2
@@ -1 +1 @@
-Version 2.6.2-stable+timestamp.2013.09.13.17.43.10
+Version 2.6.3-stable+timestamp.2013.09.15.11.59.21
--- a/applications/admin/controllers/default.py
+++ b/applications/admin/controllers/default.py
@@ -108,7 +108,7 @@ def index():
    if session.authorized:
        redirect(send)
    elif request.vars.password:
-        if verify_password(request.vars.password):
+        if verify_password(request.vars.password[:1024]):
            session.authorized = True
            login_record(True)

--- a/applications/admin/models/access.py
+++ b/applications/admin/models/access.py
@@ -49,7 +49,7 @@ def verify_password(password):
    session.pam_user = None
    if DEMO_MODE:
        return True
-    elif not 'password' in _config:
+    elif not _config.get('password'):
        return False
    elif _config['password'].startswith('pam_user:'):
        session.pam_user = _config['password'][9:].strip()
--- a/gluon/validators.py
+++ b/gluon/validators.py
@@ -2890,7 +2890,8 @@ class CRYPT(object):
                 key=None,
                 digest_alg='pbkdf2(1000,20,sha512)',
                 min_length=0,
-                 error_message='too short', salt=True):
+                 error_message='too short', salt=True,
+                 max_length=1024):
        """
        important, digest_alg='md5' is not the default hashing algorithm for
        web2py. This is only an example of usage of this function.
@@ -2901,10 +2902,12 @@ class CRYPT(object):
        self.key = key
        self.digest_alg = digest_alg
        self.min_length = min_length
+        self.max_length = max_length
        self.error_message = error_message
        self.salt = salt

    def __call__(self, value):
+        value = value and value[:self.max_length]
        if len(value) < self.min_length:
            return ('', translate(self.error_message))
        return (LazyCrypt(self, value), None)
Author	SHA1	Message	Date
mdipierro	13c78fae58	R-2.6.3	2013-09-15 12:00:13 -05:00
mdipierro	91c0a31800	R-2.6.3	2013-09-15 11:51:01 -05:00
mdipierro	277137c8e6	R-2.6.3	2013-09-15 11:48:32 -05:00
mdipierro	4556a355a2	fixed a problem with CRYPT password length	2013-09-15 11:46:46 -05:00
mdipierro	7dafb07438	added a extra level of protection for long passwords, even if IS_LENGTH validator is missing	2013-09-15 09:40:15 -05:00