[Mailman-Developers] small fix for admindb.py

Tollef Fog Heen Mon, 30 Apr 2001 08:40:49 -0700


It seems like admindb.py doesn't escape the body of html emails
properly, which can make it impossible to do anything to the post.

This patch should fix it.

--- mailman/Mailman/Cgi/admindb.py~     Mon Apr 30 17:53:15 2001
+++ mailman/Mailman/Cgi/admindb.py      Mon Apr 30 17:56:09 2001
@@ -228,7 +228,7 @@
     row, col = t.GetCurrentRowIndex(), t.GetCurrentCellIndex()
     t.AddCellInfo(row, col-1, align='right')
     t.AddRow([Bold('Message Excerpt:'),
-              TextArea('fulltext-%d' % id, text, rows=10, cols=80)])
+              TextArea('fulltext-%d' % id, cgi.escape(text), rows=10, cols=80)])
     t.AddCellInfo(row+1, col-1, align='right')
     form.AddItem(t)
     form.AddItem('<p>')

-- 

Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.

_______________________________________________
Mailman-Developers mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-developers

[Mailman-Developers] small fix for admindb.py

Reply via email to