getUserByLogin can be a problem wrt security

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@12460 20353a03-c40f-0410-a6d1-a30d3c3de9de

getUserByLogin can be a problem wrt security
git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@12460 20353a03-c40f-0410-a6d1-a30d3c3de9de
58c863e4 · Jérome Perrin · 796452da · 58c863e4
Commit 58c863e4 authored Jan 30, 2007 by Jérome Perrin
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 6 deletions

product/ERP5Security/ERP5UserManager.py product/ERP5Security/ERP5UserManager.py +5 -6

No files found.
--- a/product/ERP5Security/ERP5UserManager.py
+++ b/product/ERP5Security/ERP5UserManager.py
@@ -30,7 +30,7 @@ from Products.ERP5Type.Cache import CachingMethod
 from ZODB.POSException import ConflictError
 import sys

-from zLOG import LOG
+from zLOG import LOG, PROBLEM

 try :
  from AccessControl.AuthEncoding import pw_validate
@@ -165,10 +165,9 @@ class ERP5UserManager(BasePlugin):
                               path=self.getPhysicalPath())

    def getUserByLogin(self, login):
-        """
-        Search the Catalog for login and return a list of person objects
-        login can be a string or a list of strings
-        """
+        # Search the Catalog for login and return a list of person objects
+        # login can be a string or a list of strings
+        # (no docstring to prevent publishing)
        if not login:
          return []
        # because we aren't logged in, we have to create our own
@@ -184,7 +183,7 @@ class ERP5UserManager(BasePlugin):
          except ConflictError:
            raise
          except:
-            LOG('ERP5Security', 0, 'getUserByLogin failed', error=sys.exc_info())
+            LOG('ERP5Security', PROBLEM, 'getUserByLogin failed', error=sys.exc_info())
            # Here we must raise an exception to prevent calers from caching
            # a result of a degraded situation.
            # The kind of exception does not matter as long as it's catched by