admin interface CSRF check fails if listname contains '+'
Bug #1190802 reported by
Mark Sapiro
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| GNU Mailman |
Fix Released
|
High
|
Mark Sapiro | ||
Bug Description
The hardening of the web admin interface against CSRF attacks which was introduced in Mailman 2.1.15 did not take into account listnames that contain a '+' character and confuses it with a derlimiter causing the check to fail.
Related branches
| Changed in mailman: | |
| status: | In Progress → Fix Committed |
| Changed in mailman: | |
| milestone: | 2.1.16 → 2.1.16rc1 |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
