admindb needs to escape message excerpt
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman |
Invalid
|
Medium
|
Barry Warsaw |
Bug Description
Symptom: Some pending posts are missing from admindb
display of pending posts. In my case, #1 -#6
displayed OK, #7 and #8 were missing, but #9 and #10
were OK.
Cause: The excerpt for #6 ended in the middle of a
commented-
script. Both Netscape 4.7 and MSIE 5.5 for some
reason are looking for the comment close (-->), and
end up missing the </textarea>. The html for
processing messages #7 and #8 ended up in the excerpt
textarea for #6. Message #8 was another message with
javascript (can you tell I'm filtering for spam? :D),
only in this case, the entire script fit in the
excerpt, so the --> was found, and the </textarea> for
#8 closed off the textarea for #6. Message #9 then
appeared normally.
Fix: In admindb.py, in the TextArea function call for
the message excerpt, I replaced 'text' with 'cgi.escape
(text)' and that fixed the problem.
John Van Essen <email address hidden>
[http://
Duplicate of #486340. Fixed in MM2.1 and MM2.0.9