visiting the user options page with crafted post data or query fragments can produce "we hit a bug"
Bug #1496632 reported by
Mark Sapiro
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman |
Fix Released
|
Low
|
Mark Sapiro |
Bug Description
If one visits the user options page with a hand crafted query fragment or post data containing for example
language=
the fact that the options CGI sees 'email' as a list rather than a string throws an exception in Utils.websafe().
We will defend against this by testing in Utils.websafe() for a sequence argument and if so, returning only websafe of the first element.
Related branches
Changed in mailman: | |
status: | New → Fix Committed |
Changed in mailman: | |
milestone: | 2.1.21 → 2.1.21rc1 |
status: | Fix Committed → Fix Released |
To post a comment you must log in.