~phdavis1027


#357 Block calls to unsupported "short" numbers 30 days ago

~singpolyma assigned ~phdavis1027 to #357 on ~singpolyma/soprani.ca

#32 Passwords including " don't work 2 months ago

Comment by ~phdavis1027 on ~amolith/willow

The bug arises because when willow.go hashes the password at the time of user creation, it does not sanitize. However, when users login their password is sanitized before being pulled out of the request, which escapes the quotation mark. A test case got this code out of ws.go:

LoginHandler (unsanitized): bob a"a LoginHandler (sanitized): bob a"a