[Mailman-checkins] [Branch ~mailman-coders/mailman/2.1] Rev 1711: Fixed a regression in Cgi/options.py.

Sun, 04 Jun 2017 18:58:25 -0700 

------------------------------------------------------------
revno: 1711
fixes bug: https://launchpad.net/bugs/1602608
committer: Mark Sapiro <m...@msapiro.net>
branch nick: 2.1
timestamp: Sun 2017-06-04 18:52:11 -0700
message:
  Fixed a regression in Cgi/options.py.
modified:
  Mailman/Cgi/options.py
  NEWS


--
lp:mailman/2.1
https://code.launchpad.net/~mailman-coders/mailman/2.1

Your team Mailman Checkins is subscribed to branch lp:mailman/2.1.
To unsubscribe from this branch go to 
https://code.launchpad.net/~mailman-coders/mailman/2.1/+edit-subscription

=== modified file 'Mailman/Cgi/options.py'
--- Mailman/Cgi/options.py	2016-08-27 03:47:49 +0000
+++ Mailman/Cgi/options.py	2017-06-05 01:52:11 +0000
@@ -110,7 +110,17 @@
     # CSRF check
     safe_params = ['displang-button', 'language', 'email', 'password', 'login',
                    'login-unsub', 'login-remind', 'VARHELP', 'UserOptions']
-    params = cgidata.keys()
+    try:
+        params = cgidata.keys()
+    except TypeError:
+        # Someone crafted a POST with a bad Content-Type:.
+        doc.AddItem(Header(2, _("Error")))
+        doc.AddItem(Bold(_('Invalid options to CGI script.')))
+        # Send this with a 400 status.
+        print 'Status: 400 Bad Request'
+        print doc.Format()
+        return
+
     if set(params) - set(safe_params):
         csrf_checked = csrf_check(mlist, cgidata.getvalue('csrf_token'))
     else:
@@ -124,17 +134,7 @@
     # we might have a 'language' key in the cgi data.  That was an explicit
     # preference to view the page in, so we should honor that here.  If that's
     # not available, use the list's default language.
-    try:
-        language = cgidata.getvalue('language')
-    except TypeError:
-        # Someone crafted a POST with a bad Content-Type:.
-        doc.AddItem(Header(2, _("Error")))
-        doc.AddItem(Bold(_('Invalid options to CGI script.')))
-        # Send this with a 400 status.
-        print 'Status: 400 Bad Request'
-        print doc.Format()
-        return
-
+    language = cgidata.getvalue('language')
     if not Utils.IsLanguage(language):
         language = mlist.preferred_language
     i18n.set_language(language)

=== modified file 'NEWS'
--- NEWS	2017-06-05 00:27:02 +0000
+++ NEWS	2017-06-05 01:52:11 +0000
@@ -9,6 +9,9 @@
 
   Bug fixes and other patches
 
+    - The fix for LP: #1614841 caused a regression in the options CGI.  This
+      has been fixed.  (LP: #1602608)
+
     - Added a -a option to the (e)grep commands in contrib/mmdsr to account
       for logs that may have non-ascii and be seen as binary.
 


_______________________________________________
Mailman-checkins mailing list
Mailman-checkins@python.org
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-checkins/archive%40jab.org

Reply via email to