Ian Bicking committed 27a36b3

A probably incomplete fix for -- quote the path before checking the digest. May not recreate the original quoting, but at least it is more correct than simply appending SCRIPT_NAME and PATH_INFO, which are definitely not quoted.

Files changed (1)


 except ImportError:
     from md5 import md5
 import time, random
+from urllib import quote as url_quote
 def digest_password(realm, username, password):
     """ construct the appropriate hashcode needed for HTTP digest """
             the request returning authenticated user or error.
         method = REQUEST_METHOD(environ)
-        fullpath = SCRIPT_NAME(environ) + PATH_INFO(environ)
+        fullpath = urllib.quote(SCRIPT_NAME(environ)) + urllib.quote(PATH_INFO(environ))
         authorization = AUTHORIZATION(environ)
         if not authorization:
             return self.build_authentication()
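Review bot: The re-quoted `fullpath` is a reconstruction, not the request URI the client actually sent, and the commit message already concedes it may not recreate the original quoting. Quoting SCRIPT_NAME and PATH_INFO with the default safe set can yield a different string from the one the client used when computing its digest (for example a different choice of which characters are percent-encoded), so legitimate requests with unusual characters in the path can still fail authentication. Please add a comment at the `fullpath` line recording that limitation, and a test that authenticates against a path containing a space and one containing a non-ASCII character, so the remaining mismatch cases are visible rather than silent.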
       use = egg:Paste#auth_digest
     from paste.util.import_string import eval_import
     import types