Posted to commits@ponymail.apache.org by hu...@apache.org on 2020/09/08 07:35:11 UTC

[incubator-ponymail-foal] 02/02: cookie must be valid hex

This is an automated email from the ASF dual-hosted git repository.

humbedooh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-ponymail-foal.git

commit 496983e7ab29fe6258921a8ffbb7b493eb754b0c
Author: Daniel Gruno <hu...@apache.org>
AuthorDate: Tue Sep 8 09:34:14 2020 +0200

    cookie must be valid hex
---
 server/plugins/session.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/server/plugins/session.py b/server/plugins/session.py
index 4592484..f8424fd 100644
--- a/server/plugins/session.py
+++ b/server/plugins/session.py
@@ -98,6 +98,8 @@ async def get_session(
             )
             if "ponymail" in cookies:
                 session_id = cookies["ponymail"].value
+                if not all(c in 'abcdefg1234567890-' for c in session_id):
+                    session_id = None
                 break
 
     # Do we have the session in local memory?
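Review bot: The allowlist on the added line, `'abcdefg1234567890-'`, does not match the commit's stated intent of "valid hex": it accepts `g`, which is not a hex digit. It also lets an empty cookie value through, because `all()` over an empty string is True, so `session_id` can reach the lookup below as `""` rather than `None`. A tighter guard would be `if not session_id or not all(c in "0123456789abcdef-" for c in session_id):`, and a short comment saying that the cookie is client-controlled and is filtered before being used as a lookup key would help the next reader. If session ids are always UUIDs (not visible in this hunk), parsing with `uuid.UUID(session_id)` and rejecting on `ValueError` would also enforce length and shape. get_session starts and ends outside the hunk, so whether the later code handles `session_id = None` cleanly needs checking there.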