visiting the user options page with crafted post data or query fragments can produce "we hit a bug"
Bug #1496632 reported by
Mark Sapiro
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| GNU Mailman |
Fix Released
|
Low
|
Mark Sapiro | ||
Bug Description
If one visits the user options page with a hand crafted query fragment or post data containing for example
language=
the fact that the options CGI sees 'email' as a list rather than a string throws an exception in Utils.websafe().
We will defend against this by testing in Utils.websafe() for a sequence argument and if so, returning only websafe of the first element.
Related branches
| Changed in mailman: | |
| status: | New → Fix Committed |
| Changed in mailman: | |
| milestone: | 2.1.21 → 2.1.21rc1 |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
