author | Mark Sapiro <msapiro@value.net> | 2010-09-09 08:16:57 -0700 |
---|---|---|
committer | Mark Sapiro <msapiro@value.net> | 2010-09-09 08:16:57 -0700 |
commit | f653b2a70e36bccd6128c4f4b973e09ea898e2cf (patch) | |
tree | e8617f48eee66fbb3fe85709ea1e348375f9d9e2 | |
parent | aa911e138aa82a21197e0bda656ac51eab45447d (diff) | |
Two potential XSS vulnerabilities have been identified and fixed.
-rw-r--r-- | Mailman/Cgi/listinfo.py | 4 | ||||
-rw-r--r-- | Mailman/HTMLFormatter.py | 7 | ||||
-rw-r--r-- | Mailman/Utils.py | 187 | ||||
-rw-r--r-- | NEWS | 4 |
4 files changed, 104 insertions, 98 deletions
diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py
index 22ab9d5f..8aaae14c 100644
--- a/Mailman/Cgi/listinfo.py
+++ b/Mailman/Cgi/listinfo.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2009 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -97,7 +97,7 @@ def listinfo_overview(msg=''):
 else:
 advertised.append((mlist.GetScriptURL('listinfo'),
 mlist.real_name,
- mlist.description))
+ Utils.websafe(mlist.description)))
 if msg:
 greeting = FontAttr(msg, color="ff5060", size="+1")
 else:
diff --git a/Mailman/HTMLFormatter.py b/Mailman/HTMLFormatter.py
index 3a21d961..dad51e74 100644
--- a/Mailman/HTMLFormatter.py
+++ b/Mailman/HTMLFormatter.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2008 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -383,8 +383,9 @@ class HTMLFormatter:
 '<mm-mailman-footer>' : self.GetMailmanFooter(),
 '<mm-list-name>' : self.real_name,
 '<mm-email-user>' : self._internal_name,
- '<mm-list-description>' : self.description,
- '<mm-list-info>' : BR.join(self.info.split(NL)),
+ '<mm-list-description>' : Utils.websafe(self.description),
+ '<mm-list-info>' :
+ '<!---->' + BR.join(self.info.split(NL)) + '<!---->',
 '<mm-form-end>' : self.FormatFormEnd(),
 '<mm-archive>' : self.FormatArchiveAnchor(),
 '</mm-archive>' : '</a>',
diff --git a/Mailman/Utils.py b/Mailman/Utils.py
index 5cba077e..d5babc14 100644
--- a/Mailman/Utils.py
+++ b/Mailman/Utils.py
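Review bot: `mlist.real_name` sits in the same tuple as the newly escaped description but still reaches the overview unescaped; if real_name is constrained to the list-name character set elsewhere that is fine, but the constraint is not visible here, and a short comment at the append would record why description needs `Utils.websafe` and real_name does not, e.g. `# description is free-form admin text; escape it before it lands in the listinfo overview`. listinfo_overview's body begins and ends outside this hunk, so where `advertised` is rendered cannot be checked from here.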
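Review bot: The `<!---->` markers now wrapped around the `<mm-list-info>` substitution have no comment saying what they defend against, and a later template cleanup could drop them as empty noise. Presumably they keep a tag fragment at the start or end of the admin-supplied info text from merging with the surrounding template markup — confirm — and a comment to that effect belongs on the `'<mm-list-info>' :` line, e.g. `# bracket info with empty comments so a partial tag in the text cannot join adjacent template markup`. Note that `info` is still inserted without `Utils.websafe`, presumably by design because it may contain HTML, so this line depends on whatever scrubbing is applied when the value is stored, which is outside this hunk; the enclosing method starts and ends outside the hunk as well.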
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2009 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -911,99 +911,100 @@ _badwords = [
 # Kludge to allow the specific tag that's in the options.html template.
 '<link(?! rel="SHORTCUT ICON" href="<mm-favicon>">)',
 '<meta',
+ '<object',
 '<script',
- r'(?:^|\W)j(?:ava)?script(?:\W|$)',
- r'(?:^|\W)vbs(?:cript)?(?:\W|$)',
- r'(?:^|\W)domactivate(?:\W|$)',
- r'(?:^|\W)domattrmodified(?:\W|$)',
- r'(?:^|\W)domcharacterdatamodified(?:\W|$)',
- r'(?:^|\W)domfocus(?:in|out)(?:\W|$)',
- r'(?:^|\W)dommenuitem(?:in)?active(?:\W|$)',
- r'(?:^|\W)dommousescroll(?:\W|$)',
- r'(?:^|\W)domnodeinserted(?:intodocument)?(?:\W|$)',
- r'(?:^|\W)domnoderemoved(?:fromdocument)?(?:\W|$)',
- r'(?:^|\W)domsubtreemodified(?:\W|$)',
- r'(?:^|\W)fscommand(?:\W|$)',
- r'(?:^|\W)onabort(?:\W|$)',
- r'(?:^|\W)on(?:de)?activate(?:\W|$)',
- r'(?:^|\W)on(?:after|before)print(?:\W|$)',
- r'(?:^|\W)on(?:after|before)update(?:\W|$)',
- r'(?:^|\W)onbefore(?:(?:de)?activate|copy|cut|editfocus|paste)(?:\W|$)',
- r'(?:^|\W)onbeforeunload(?:\W|$)',
- r'(?:^|\W)onbegin(?:\W|$)',
- r'(?:^|\W)onblur(?:\W|$)',
- r'(?:^|\W)onbounce(?:\W|$)',
- r'(?:^|\W)onbroadcast(?:\W|$)',
- r'(?:^|\W)on(?:cell)?change(?:\W|$)',
- r'(?:^|\W)oncheckboxstatechange(?:\W|$)',
- r'(?:^|\W)on(?:dbl)?click(?:\W|$)',
- r'(?:^|\W)onclose(?:\W|$)',
- r'(?:^|\W)oncommand(?:update)?(?:\W|$)',
- r'(?:^|\W)oncomposition(?:end|start)(?:\W|$)',
- r'(?:^|\W)oncontextmenu(?:\W|$)',
- r'(?:^|\W)oncontrolselect(?:\W|$)',
- r'(?:^|\W)oncopy(?:\W|$)',
- r'(?:^|\W)oncut(?:\W|$)',
- r'(?:^|\W)ondataavailable(?:\W|$)',
- r'(?:^|\W)ondataset(?:changed|complete)(?:\W|$)',
- r'(?:^|\W)ondrag(?:drop|end|enter|exit|gesture|leave|over)?(?:\W|$)',
- r'(?:^|\W)ondragstart(?:\W|$)',
- r'(?:^|\W)ondrop(?:\W|$)',
- r'(?:^|\W)onend(?:\W|$)',
- r'(?:^|\W)onerror(?:update)?(?:\W|$)',
- r'(?:^|\W)onfilterchange(?:\W|$)',
- r'(?:^|\W)onfinish(?:\W|$)',
- r'(?:^|\W)onfocus(?:in|out)?(?:\W|$)',
- r'(?:^|\W)onhelp(?:\W|$)',
- r'(?:^|\W)oninput(?:\W|$)',
- r'(?:^|\W)onkey(?:up|down|press)(?:\W|$)',
- r'(?:^|\W)onlayoutcomplete(?:\W|$)',
- r'(?:^|\W)on(?:un)?load(?:\W|$)',
- r'(?:^|\W)onlosecapture(?:\W|$)',
- r'(?:^|\W)onmedia(?:complete|error)(?:\W|$)',
- r'(?:^|\W)onmouse(?:down|enter|leave|move|out|over|up|wheel)(?:\W|$)',
- r'(?:^|\W)onmove(?:end|start)?(?:\W|$)',
- r'(?:^|\W)on(?:off|on)line(?:\W|$)',
- r'(?:^|\W)onoutofsync(?:\W|$)',
- r'(?:^|\W)onoverflow(?:changed)?(?:\W|$)',
- r'(?:^|\W)onpage(?:hide|show)(?:\W|$)',
- r'(?:^|\W)onpaint(?:\W|$)',
- r'(?:^|\W)onpaste(?:\W|$)',
- r'(?:^|\W)onpause(?:\W|$)',
- r'(?:^|\W)onpopup(?:hidden|hiding|showing|shown)(?:\W|$)',
- r'(?:^|\W)onprogress(?:\W|$)',
- r'(?:^|\W)onpropertychange(?:\W|$)',
- r'(?:^|\W)onradiostatechange(?:\W|$)',
- r'(?:^|\W)onreadystatechange(?:\W|$)',
- r'(?:^|\W)onrepeat(?:\W|$)',
- r'(?:^|\W)onreset(?:\W|$)',
- r'(?:^|\W)onresize(?:end|start)?(?:\W|$)',
- r'(?:^|\W)onresume(?:\W|$)',
- r'(?:^|\W)onreverse(?:\W|$)',
- r'(?:^|\W)onrow(?:delete|enter|exit|inserted)(?:\W|$)',
- r'(?:^|\W)onrows(?:delete|enter|inserted)(?:\W|$)',
- r'(?:^|\W)onscroll(?:\W|$)',
- r'(?:^|\W)onseek(?:\W|$)',
- r'(?:^|\W)onselect(?:start)?(?:\W|$)',
- r'(?:^|\W)onselectionchange(?:\W|$)',
- r'(?:^|\W)onstart(?:\W|$)',
- r'(?:^|\W)onstop(?:\W|$)',
- r'(?:^|\W)onsubmit(?:\W|$)',
- r'(?:^|\W)onsync(?:from|to)preference(?:\W|$)',
- r'(?:^|\W)onsyncrestored(?:\W|$)',
- r'(?:^|\W)ontext(?:\W|$)',
- r'(?:^|\W)ontimeerror(?:\W|$)',
- r'(?:^|\W)ontrackchange(?:\W|$)',
- r'(?:^|\W)onunderflow(?:\W|$)',
- r'(?:^|\W)onurlflip(?:\W|$)',
- r'(?:^|\W)seeksegmenttime(?:\W|$)',
- r'(?:^|\W)svgabort(?:\W|$)',
- r'(?:^|\W)svgerror(?:\W|$)',
- r'(?:^|\W)svgload(?:\W|$)',
- r'(?:^|\W)svgresize(?:\W|$)',
- r'(?:^|\W)svgscroll(?:\W|$)',
- r'(?:^|\W)svgunload(?:\W|$)',
- r'(?:^|\W)svgzoom(?:\W|$)',
+ r'\bj(?:ava)?script\b',
+ r'\bvbs(?:cript)?\b',
+ r'\bdomactivate\b',
+ r'\bdomattrmodified\b',
+ r'\bdomcharacterdatamodified\b',
+ r'\bdomfocus(?:in|out)\b',
+ r'\bdommenuitem(?:in)?active\b',
+ r'\bdommousescroll\b',
+ r'\bdomnodeinserted(?:intodocument)?\b',
+ r'\bdomnoderemoved(?:fromdocument)?\b',
+ r'\bdomsubtreemodified\b',
+ r'\bfscommand\b',
+ r'\bonabort\b',
+ r'\bon(?:de)?activate\b',
+ r'\bon(?:after|before)print\b',
+ r'\bon(?:after|before)update\b',
+ r'\bonbefore(?:(?:de)?activate|copy|cut|editfocus|paste)\b',
+ r'\bonbeforeunload\b',
+ r'\bonbegin\b',
+ r'\bonblur\b',
+ r'\bonbounce\b',
+ r'\bonbroadcast\b',
+ r'\bon(?:cell)?change\b',
+ r'\boncheckboxstatechange\b',
+ r'\bon(?:dbl)?click\b',
+ r'\bonclose\b',
+ r'\boncommand(?:update)?\b',
+ r'\boncomposition(?:end|start)\b',
+ r'\boncontextmenu\b',
+ r'\boncontrolselect\b',
+ r'\boncopy\b',
+ r'\boncut\b',
+ r'\bondataavailable\b',
+ r'\bondataset(?:changed|complete)\b',
+ r'\bondrag(?:drop|end|enter|exit|gesture|leave|over)?\b',
+ r'\bondragstart\b',
+ r'\bondrop\b',
+ r'\bonend\b',
+ r'\bonerror(?:update)?\b',
+ r'\bonfilterchange\b',
+ r'\bonfinish\b',
+ r'\bonfocus(?:in|out)?\b',
+ r'\bonhelp\b',
+ r'\boninput\b',
+ r'\bonkey(?:up|down|press)\b',
+ r'\bonlayoutcomplete\b',
+ r'\bon(?:un)?load\b',
+ r'\bonlosecapture\b',
+ r'\bonmedia(?:complete|error)\b',
+ r'\bonmouse(?:down|enter|leave|move|out|over|up|wheel)\b',
+ r'\bonmove(?:end|start)?\b',
+ r'\bon(?:off|on)line\b',
+ r'\bonoutofsync\b',
+ r'\bonoverflow(?:changed)?\b',
+ r'\bonpage(?:hide|show)\b',
+ r'\bonpaint\b',
+ r'\bonpaste\b',
+ r'\bonpause\b',
+ r'\bonpopup(?:hidden|hiding|showing|shown)\b',
+ r'\bonprogress\b',
+ r'\bonpropertychange\b',
+ r'\bonradiostatechange\b',
+ r'\bonreadystatechange\b',
+ r'\bonrepeat\b',
+ r'\bonreset\b',
+ r'\bonresize(?:end|start)?\b',
+ r'\bonresume\b',
+ r'\bonreverse\b',
+ r'\bonrow(?:delete|enter|exit|inserted)\b',
+ r'\bonrows(?:delete|enter|inserted)\b',
+ r'\bonscroll\b',
+ r'\bonseek\b',
+ r'\bonselect(?:start)?\b',
+ r'\bonselectionchange\b',
+ r'\bonstart\b',
+ r'\bonstop\b',
+ r'\bonsubmit\b',
+ r'\bonsync(?:from|to)preference\b',
+ r'\bonsyncrestored\b',
+ r'\bontext\b',
+ r'\bontimeerror\b',
+ r'\bontrackchange\b',
+ r'\bonunderflow\b',
+ r'\bonurlflip\b',
+ r'\bseeksegmenttime\b',
+ r'\bsvgabort\b',
+ r'\bsvgerror\b',
+ r'\bsvgload\b',
+ r'\bsvgresize\b',
+ r'\bsvgscroll\b',
+ r'\bsvgunload\b',
+ r'\bsvgzoom\b',
 ]
@@ -6,6 +6,10 @@ Here is a history of user visible changes to Mailman. 2.1.14 (xx-xxx-xxxx) + Security + + - Two potential XSS vulnerabilities have been identified and fixed. + New Features - A new feature for controlling the addition/replacement of the Sender: |
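Review bot: The switch from `(?:^|\W)…(?:\W|$)` to `\b…\b` changes matching semantics, not just style, and nothing in the list records why: the old anchors consumed the delimiter on each side of a token, so when the compiled pattern is applied with a substitution two listed tokens separated by a single delimiter could leave the second one unmatched, whereas `\b` is zero-width and lets each token match on its own — presumably the motivation, but how `_badwords` is compiled and applied lives outside this hunk, so confirm. A comment above the first `\b` entry such as `# \b is zero-width: adjacent tokens are each matched and no delimiter is consumed` would keep the next maintainer from "simplifying" it back. Separately, `'<object'` is the only element prefix added next to the visible `<link`/`<meta`/`<script` entries; related embedding elements such as `<embed` and `<applet` do not appear in the visible part of the list, and since the head of `_badwords` is outside the hunk, check that they are covered there or add them alongside `<object`.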