[ mailman-Patches-1520343 ] FIX: Inputs are imcompletely escaped & saved (2.1 & 2.2)

SourceForge.net noreply at sourceforge.net
Tue Jul 11 06:43:29 CEST 2006


Patches item #1520343, was opened at 2006-07-11 13:34
Message generated for change (Settings changed) made by ikedasoji
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=300103&aid=1520343&group_id=103

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Web UI
Group: Mailman 2.2 / 3.0
Status: Open
Resolution: None
Priority: 7
Submitted By: ikedasoji (ikedasoji)
>Assigned to: Tokio Kikuchi (tkikuchi)
>Summary: FIX: Inputs are imcompletely escaped & saved (2.1 & 2.2)

Initial Comment:
Inputs on admin pages are imcompletely escaped, then
the escaped values are saved (excpet 'info' property).
 This expedient solution have caused following problems:
o Input including `"' breaks HTML formatting.
o `<' is not allowed in admin/user option value (it is
replaced with '&lt;' in many contexts).
o 'info' in admin page might break HTML formatting with
some sort of tags (e.g. '</textarea>').

This patch solve these problems.  Always unescaped
value is saved (except '<script>' in 'info') and
escaped only when it is displayed as HTML.


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=300103&aid=1520343&group_id=103


More information about the Mailman-coders mailing list