[ mailman-Bugs-1879338 ] catch invalid URLs
Bugs item #1879338, was opened at 2008-01-25 08:00 Message generated for change (Comment added) made by jidanni You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1879338&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Web/CGI Group: 2.1 beta Status: Open Resolution: None Priority: 5 Private: No Submitted By: jidanni (jidanni) Assigned to: Nobody/Anonymous (nobody) Summary: catch invalid URLs Initial Comment: One finds one can use URLs like http://lists.example.org/admin.cgi/zzz-example.org/zzz/add/vvv/dddd and still visit the administration pages as if one typed in a correct URL. Somewhere in Mailman, something is not checking the URL beyond a certain length or segment. You might say "so what?", but if you allow these to work, soon all kinds of people's typos will end up in documents as being the URL to use to do various tasks, just because they happened to work that day. (Yes, the above example does not bypass password checks.) ----------------------------------------------------------------------
Comment By: jidanni (jidanni) Date: 2008-02-05 23:20
Message: Logged In: YES user_id=1971011 Originator: YES http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.057.htp is an example of a evil looseness. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1879338&group_id=103
participants (1)
-
SourceForge.net