]> git.ipfire.org Git - thirdparty/tornado.git/commitdiff
projects / thirdparty / tornado.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ed7030d)
return None when a secure-cookie is forged 557/head
authorRaullen <raullenchai@gmail.com>
Tue, 3 Jul 2012 00:28:44 +0000 (17:28 -0700)
committerRaullen <raullenchai@gmail.com>
Tue, 3 Jul 2012 00:28:44 +0000 (17:28 -0700)
tornado/web.py patch | blob | blame | history

diff --git a/tornado/web.py b/tornado/web.py
index a9bc5046fff0a96a7a3ac6a230f26ec1cd6ecbef..99c6858d1a1b7320e6c367bccf14d49ddca7443b 100644 (file)
--- a/tornado/web.py
+++ b/tornado/web.py
@@ -2046,6 +2046,7 @@ def decode_signed_value(secret, name, value, max_age_days=31):
         return None
     if parts[1].startswith(b("0")):
         logging.warning("Tampered cookie %r", value)
+        return None
     try:
         return base64.b64decode(parts[0])
     except Exception:
Mirror of https://github.com/tornadoweb/tornado.git