[Bug 1190802] [NEW] admin interface CSRF check fails if listname contains '+'
mark at msapiro.net
Fri Jun 14 02:40:15 CEST 2013
Public bug reported:
The hardening of the web admin interface against CSRF attacks which was
introduced in Mailman 2.1.15 did not take into account listnames that
contain a '+' character and confuses it with a derlimiter causing the
check to fail.
** Affects: mailman
Assignee: Mark Sapiro (msapiro)
Status: In Progress
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
admin interface CSRF check fails if listname contains '+'
To manage notifications about this bug go to:
More information about the Mailman-coders