diff options
author | Mark Sapiro <msapiro@value.net> | 2013-04-06 22:54:18 -0700 |
---|---|---|
committer | Mark Sapiro <msapiro@value.net> | 2013-04-06 22:54:18 -0700 |
commit | 4360889791c452db9ee27b0a47739d6c358e076c (patch) | |
tree | 259a7f4efed2176f511a54f6727baa4b1ce84a7d | |
parent | 5c108a6559c6a39beaed2600871b02d0a54edd25 (diff) | |
download | mailman2-4360889791c452db9ee27b0a47739d6c358e076c.tar.gz mailman2-4360889791c452db9ee27b0a47739d6c358e076c.tar.xz mailman2-4360889791c452db9ee27b0a47739d6c358e076c.zip |
Defended against buggy web servers that don't include an empty
QUERY_STRING in the CGI environment. (LP: 1160647)
Diffstat (limited to '')
-rwxr-xr-x | NEWS | 3 | ||||
-rw-r--r-- | scripts/driver | 7 |
2 files changed, 9 insertions, 1 deletions
@@ -58,6 +58,9 @@ Here is a history of user visible changes to Mailman. Bug Fixes and other patches + - Defended against buggy web servers that don't include an empty + QUERY_STRING in the CGI environment. (LP: 1160647) + - The Switchboard.finish() method now logs the text of the exception when it fails to unlink/preserve a .bak file. (LP: 1165589) diff --git a/scripts/driver b/scripts/driver index a0b6b8c6..67ff0fdf 100644 --- a/scripts/driver +++ b/scripts/driver @@ -1,6 +1,6 @@ # -*- python -*- -# Copyright (C) 1998-2010 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2013 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -92,6 +92,11 @@ def run_main(): # Mailman.Cgi package. That module must have a main() function, which # we dig out and call. scriptname = sys.argv[1] + # Then we truncate sys.argv because buggy web servers have been + # observed which do not provide an empty QUERY_STRING in the + # environment which causes cgi.FieldStorage() to add sys.argv[1:] to + # the constructed instance. + del sys.argv[1:] # See the reference manual for why we have to do things this way. # Note that importing should have no side-effects! pkg = __import__('Mailman.Cgi', globals(), locals(), [scriptname]) |