Fix a potentail XSS attack via the user options page.

author: Mark Sapiro <mark@msapiro.net> 2021-11-03 12:02:21 -0700
committer: Mark Sapiro <mark@msapiro.net> 2021-11-03 12:02:21 -0700
commit: e17a9218ddd5b614c2a02743cedc9652974af7af (patch)
tree: 5986ad88c29d21e91af700a6f12c67c3cd42b4e2 /Mailman/Cgi/options.py
parent: 488bc552f048eb03f510791eac87cc717370ab59 (diff)
download: mailman2-e17a9218ddd5b614c2a02743cedc9652974af7af.tar.gz
mailman2-e17a9218ddd5b614c2a02743cedc9652974af7af.tar.xz
mailman2-e17a9218ddd5b614c2a02743cedc9652974af7af.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py
index 60b7d9b6..3db0a172 100644
--- a/Mailman/Cgi/options.py
+++ b/Mailman/Cgi/options.py
@@ -346,6 +346,8 @@ def main():
             varhelp = qs[0]
     if varhelp:
         # Sanitize the topic name.
+        while '%' in varhelp:
+            varhelp = urllib.unquote_plus(varhelp)
         varhelp = re.sub('<.*', '', varhelp)
         topic_details(mlist, doc, user, cpuser, userlang, varhelp)
         return
author	Mark Sapiro <mark@msapiro.net>	2021-11-03 12:02:21 -0700
committer	Mark Sapiro <mark@msapiro.net>	2021-11-03 12:02:21 -0700
commit	e17a9218ddd5b614c2a02743cedc9652974af7af (patch)
tree	5986ad88c29d21e91af700a6f12c67c3cd42b4e2 /Mailman/Cgi/options.py
parent	488bc552f048eb03f510791eac87cc717370ab59 (diff)
download	mailman2-e17a9218ddd5b614c2a02743cedc9652974af7af.tar.gz mailman2-e17a9218ddd5b614c2a02743cedc9652974af7af.tar.xz mailman2-e17a9218ddd5b614c2a02743cedc9652974af7af.zip