aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMark Sapiro <msapiro@value.net>2013-04-06 22:54:18 -0700
committerMark Sapiro <msapiro@value.net>2013-04-06 22:54:18 -0700
commit4360889791c452db9ee27b0a47739d6c358e076c (patch)
tree259a7f4efed2176f511a54f6727baa4b1ce84a7d
parent5c108a6559c6a39beaed2600871b02d0a54edd25 (diff)
downloadmailman2-4360889791c452db9ee27b0a47739d6c358e076c.tar.gz
mailman2-4360889791c452db9ee27b0a47739d6c358e076c.tar.xz
mailman2-4360889791c452db9ee27b0a47739d6c358e076c.zip
Defended against buggy web servers that don't include an empty
QUERY_STRING in the CGI environment. (LP: 1160647)
Diffstat (limited to '')
-rwxr-xr-xNEWS3
-rw-r--r--scripts/driver7
2 files changed, 9 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index da3f3b3e..7dca5d7b 100755
--- a/NEWS
+++ b/NEWS
@@ -58,6 +58,9 @@ Here is a history of user visible changes to Mailman.
Bug Fixes and other patches
+ - Defended against buggy web servers that don't include an empty
+ QUERY_STRING in the CGI environment. (LP: 1160647)
+
- The Switchboard.finish() method now logs the text of the exception when
it fails to unlink/preserve a .bak file. (LP: 1165589)
diff --git a/scripts/driver b/scripts/driver
index a0b6b8c6..67ff0fdf 100644
--- a/scripts/driver
+++ b/scripts/driver
@@ -1,6 +1,6 @@
# -*- python -*-
-# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2013 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -92,6 +92,11 @@ def run_main():
# Mailman.Cgi package. That module must have a main() function, which
# we dig out and call.
scriptname = sys.argv[1]
+ # Then we truncate sys.argv because buggy web servers have been
+ # observed which do not provide an empty QUERY_STRING in the
+ # environment which causes cgi.FieldStorage() to add sys.argv[1:] to
+ # the constructed instance.
+ del sys.argv[1:]
# See the reference manual for why we have to do things this way.
# Note that importing should have no side-effects!
pkg = __import__('Mailman.Cgi', globals(), locals(), [scriptname])