Update of /cvsroot/mailman/mailman/Mailman/Cgi
In directory usw-pr-cvs1:/tmp/cvs-serv894
Modified Files:
Tag: Release_2_0_1-branch
admindb.py
Log Message:
PrintPostRequest(): We need to cgi.escape() both the sender field and
the headers so that no evil html can be snuck into those areas either.
Index: admindb.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Cgi/admindb.py,v
retrieving revision 1.36.2.6
retrieving revision 1.36.2.7
diff -C2 -d -r1.36.2.6 -r1.36.2.7
*** admindb.py 30 Nov 2001 18:07:40 -0000 1.36.2.6
--- admindb.py 1 Apr 2002 18:47:46 -0000 1.36.2.7
***************
*** 208,212 ****
raise
t = Table(cellspacing=0, cellpadding=0, width='100%')
! t.AddRow([Bold('From:'), sender])
row, col = t.GetCurrentRowIndex(), t.GetCurrentCellIndex()
t.AddCellInfo(row, col-1, align='right')
--- 208,212 ----
raise
t = Table(cellspacing=0, cellpadding=0, width='100%')
! t.AddRow([Bold('From:'), cgi.escape(sender)])
row, col = t.GetCurrentRowIndex(), t.GetCurrentCellIndex()
t.AddCellInfo(row, col-1, align='right')
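Review bot: On the changed `t.AddRow([Bold('From:'), cgi.escape(sender)])` line, `cgi.escape()` is called with its default arguments, which convert `&`, `<` and `>` but leave double quotes untouched. That is sufficient here because the value is rendered as table cell content, but a short comment saying so would help, and any later use of `sender` inside an HTML attribute value should pass the quote flag. The line also depends on `cgi` being imported at the top of admindb.py, which this diff does not show, so confirm that import exists on the branch.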
***************
*** 248,252 ****
t.AddCellInfo(row, col-1, align='right')
t.AddRow([Bold('Message Headers:'),
! TextArea('headers-%d' % id, string.join(msg.headers, ''),
rows=10, cols=80)])
row, col = t.GetCurrentRowIndex(), t.GetCurrentCellIndex()
--- 248,253 ----
t.AddCellInfo(row, col-1, align='right')
t.AddRow([Bold('Message Headers:'),
! TextArea('headers-%d' % id,
! cgi.escape(string.join(msg.headers, '')),
rows=10, cols=80)])
row, col = t.GetCurrentRowIndex(), t.GetCurrentCellIndex()
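Review bot: The escaping in the `TextArea('headers-%d' % id, ...)` call is applied at the call site, so every other caller that hands message-derived text to `TextArea` has to remember to do the same. Consider doing the escaping inside the widget, or in one shared helper, so that text placed in a textarea is encoded in a single place. A comment on the new `cgi.escape(string.join(msg.headers, ''))` line noting that the headers come from the posted message and are untrusted would also make the intent clear to the next reader.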
_______________________________________________
Mailman-checkins mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-checkins