[kforge-dev] mod_python authentication handlers
John Bywater
john.bywater at appropriatesoftware.net
Thu Sep 13 10:43:00 UTC 2007
So another idea is: the mod_python documentation for the request object
discusses passing values between handlers by setting attributes on the
request object. Now, as the Trac handler is being passes POST
information, I suggest we attempt to remedy the situation by removing
all request parameters from the request object when a redirect is
initiated. That way we can hope that Trac isn't able to respond to a
POST request.
Just an idea. I had assumed nothing about the request object, but if the
same object passed is passed to every handler, then we probably are in
full control afterall.
Anyway, it's just an idea at the mo....
John.
John Bywater wrote:
> Just looking at this code again, setting the request.user in all cases
> seems wrong.
>
> Also, I'm still sure we can think of a way to fix things up so that we
> can redirect browsers without triggering the Trac handler. It's not
> really wholly satisfactory at the mo, I reckon....
>
> Best wishes,
>
> John.
>
>
>
>
--
Appropriate Software Foundation
Registered in England and Wales
17 Chapel Street, Hyde Cheshire
Company number: 04977110
W: appropriatesoftware.net
T: 0870 720 2944
M: 0781 139 2292
More information about the kforge-dev
mailing list