On 2/18/2011 8:01 AM, Mark Sapiro wrote: > > The patch is attached as confirm_xss.patch.txt. >
This list's content filtering stripped the patch's signature part. For those who would want to verify the signature, I am resending the patch here as a PGP MIME format message which should pass content filtering. -- Mark Sapiro <[email protected]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
=== modified file 'Mailman/Cgi/confirm.py'
--- Mailman/Cgi/confirm.py 2010-03-29 20:48:11 +0000
+++ Mailman/Cgi/confirm.py 2011-02-12 02:24:47 +0000
@@ -471,7 +471,7 @@
if fullname is None:
fullname = _('<em>Not available</em>')
else:
- fullname = Utils.uncanonstr(fullname, lang)
+ fullname = Utils.websafe(Utils.uncanonstr(fullname, lang))
table.AddRow([_("""Your confirmation is required in order to complete the
unsubscription request from the mailing list <em>%(listname)s</em>. You
are currently subscribed with
@@ -573,7 +573,7 @@
if fullname is None:
fullname = _('<em>Not available</em>')
else:
- fullname = Utils.uncanonstr(fullname, lang)
+ fullname = Utils.websafe(Utils.uncanonstr(fullname, lang))
if globally:
globallys = _('globally')
else:
@@ -814,7 +814,7 @@
if username is None:
username = _('<em>not available</em>')
else:
- username = Utils.uncanonstr(username, lang)
+ username = Utils.websafe(Utils.uncanonstr(username, lang))
table.AddRow([_("""Your membership in the %(realname)s mailing list is
currently disabled due to excessive bounces. Your confirmation is
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
