[Bug 1496632] [NEW] visiting the user options page with crafted post data or query fragments can produce "we hit a bug"

Mark Sapiro mark at msapiro.net
Thu Sep 17 01:42:44 CEST 2015


Public bug reported:

If one visits the user options page with a hand-crafted query fragment
or post data containing, for example,

language=en&email=&email=test&password=&login-remind=Remind

the fact that the options CGI sees 'email' as a list rather than a
string throws an exception in Utils.websafe().

We will defend against this by testing in Utils.websafe() for a sequence
argument and if so, returning only websafe of the first element.

** Affects: mailman
     Importance: Low
     Assignee: Mark Sapiro (msapiro)
         Status: New

-- 
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1496632
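
The failure mode and the proposed defence from the report above, as an added example that is not part of the original message and is not Mailman's code. It assumes Python 3, with `urllib.parse.parse_qs` and `html.escape` standing in for the CGI form layer and for `Utils.websafe()`; the function names are hypothetical.

```python
import html
from urllib.parse import parse_qs

# Constructed sample input: the request data quoted in the report.
CRAFTED = "language=en&email=&email=test&password=&login-remind=Remind"


def parse_form(body):
    """Stand-in for a CGI form layer: one value -> str, repeated key -> list."""
    form = {}
    for key, values in parse_qs(body, keep_blank_values=True).items():
        form[key] = values[0] if len(values) == 1 else values
    return form


def websafe_naive(value):
    """Assumes a string argument; a list raises instead of being escaped."""
    return html.escape(value, quote=True)


def websafe_hardened(value):
    """Accept a sequence and return the escaped first element only,
    which is the defence the report describes."""
    if isinstance(value, (list, tuple)):
        value = value[0] if value else ""
    return html.escape(value, quote=True)


def demo():
    """Return (parsed email field, naive outcome, hardened result)."""
    form = parse_form(CRAFTED)
    try:
        websafe_naive(form["email"])
        naive = "ok"
    except AttributeError:
        # The list has no string methods, so escaping fails: the
        # unhandled exception behind the "we hit a bug" page.
        naive = "exception"
    return form["email"], naive, websafe_hardened(form["email"])


if __name__ == "__main__":
    print(demo())
```

With the duplicated `email` key the hardened function returns the escaped empty first value, so the page renders as if no address had been supplied instead of raising.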