[Merge] lp:~ralfjung-e/mailman/csrf-injective into lp:mailman/2.1

Ralf Jung post+launchpad at ralfj.de
Sun Jun 3 16:43:24 EDT 2018

Ralf Jung has proposed merging lp:~ralfjung-e/mailman/csrf-injective into lp:mailman/2.1.

Commit message:
Separate data in CSRF token by colon to avoid collisions.

Requested reviews:
  Mailman Coders (mailman-coders)

For more details, see:

This makes the data-to-token function injective. Previously, for example, the
list called "list1" and the IP "" would have the same hash as the list
called "list" and the IP "", as the strings were just concatenated.
Your team Mailman Coders is requested to review the proposed merge of lp:~ralfjung-e/mailman/csrf-injective into lp:mailman/2.1.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: review-diff.txt
Type: text/x-diff
Size: 1553 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/mailman-coders/attachments/20180603/71e680d7/attachment.diff>

More information about the Mailman-coders mailing list