New subject: [Bug 1496632] Re: visiting the user options page with crafted post data or query fragments can produce "we hit a bug"

17 Sep 2015


      Public bug reported:
If one visits the user options page with a hand crafted query fragment
or post data containing for example
language=en&email=&email=test&password=&login-remind=Remind
the fact that the options CGI sees 'email' as a list rather than a
string throws an exception in Utils.websafe().
We will defend against this by testing in Utils.websafe() for a sequence
argument and if so, returning only websafe of the first element.
** Affects: mailman
     Importance: Low
     Assignee: Mark Sapiro (msapiro)
         Status: New
-- 
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1496632

Title:
  visiting the user options page with crafted post data or query
  fragments can produce "we hit a bug"

To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1496632/+subscriptions

[Bug 1496632] [NEW] visiting the user options page with crafted post data or query fragments can produce "we hit a bug"

Mark Sapiro

Launchpad Bug Tracker

Mark Sapiro

Mark Sapiro

tags (0)

participants (2)