#285 Digest authorization breaks on second = sign in request

v2.1
open
nobody
zsi (169)
5
2010-01-21
2010-01-21
Jeff Muhlbock
No

The HTTP digest authorization throws a ValueError when the authorization request sent by the server contains a name="value" pair, in which the value itself contains an = sign.

Fixing is simple. In ZSI/digest_auth.py, change line 93 from:

k,v = http_header[m.start():m.end()].split('=')

to:

k,v = http_header[m.start():m.end()].split('=',1)

This limits the splitting to only the first = sign, leaving the value part of the string untouched.

Discussion