[Mailman-Developers] Mailman Security Patch Announcement
Stephen J. Turnbull
stephen at xemacs.org
Sat Feb 19 08:07:13 CET 2011
Restricting to "developers".
I wonder if hunks like
> @@ -471,7 +471,7 @@
> if fullname is None:
> fullname = _('<em>Not available</em>')
> - fullname = Utils.uncanonstr(fullname, lang)
> + fullname = Utils.websafe(Utils.uncanonstr(fullname, lang))
> table.AddRow([_("""Your confirmation is required in order to complete the
> unsubscription request from the mailing list <em>%(listname)s</em>. You
> are currently subscribed with
wouldn't better be done in table.AddRow, etc? Specifically I have in
mind some sort of device where the *default* behavior is "websafe()",
and you have to mark variable text as "safe" to get "active" markup.
I'm pretty sure this is not appropriate for 2.x (too invasive), but
maybe it's an idea for Mailman 3.
More information about the Mailman-Developers