Defend against CGI requests with multiple values for the same parameter.

author: Mark Sapiro <mark@msapiro.net> 2017-06-05 20:48:34 -0700
committer: Mark Sapiro <mark@msapiro.net> 2017-06-05 20:48:34 -0700
commit: 0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12 (patch)
tree: f7743c3b5fc245e214bc94da3266bd16f9d664e2 /Mailman/Cgi/rmlist.py
parent: 845dc52970be426af2a766be4609a8bef2bd1c05 (diff)
download: mailman2-0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12.tar.gz
mailman2-0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12.tar.xz
mailman2-0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/Mailman/Cgi/rmlist.py b/Mailman/Cgi/rmlist.py
index 3149700d..032b3ee5 100644
--- a/Mailman/Cgi/rmlist.py
+++ b/Mailman/Cgi/rmlist.py
@@ -42,7 +42,7 @@ def main():
 
     cgidata = cgi.FieldStorage()
     try:
-        cgidata.getvalue('password', '')
+        cgidata.getfirst('password', '')
     except TypeError:
         # Someone crafted a POST with a bad Content-Type:.
         doc.AddItem(Header(2, _("Error")))
@@ -113,9 +113,9 @@ def main():
 
 
 def process_request(doc, cgidata, mlist):
-    password = cgidata.getvalue('password', '').strip()
+    password = cgidata.getfirst('password', '').strip()
     try:
-        delarchives = int(cgidata.getvalue('delarchives', '0'))
+        delarchives = int(cgidata.getfirst('delarchives', '0'))
     except ValueError:
         delarchives = 0
author	Mark Sapiro <mark@msapiro.net>	2017-06-05 20:48:34 -0700
committer	Mark Sapiro <mark@msapiro.net>	2017-06-05 20:48:34 -0700
commit	0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12 (patch)
tree	f7743c3b5fc245e214bc94da3266bd16f9d664e2 /Mailman/Cgi/rmlist.py
parent	845dc52970be426af2a766be4609a8bef2bd1c05 (diff)
download	mailman2-0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12.tar.gz mailman2-0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12.tar.xz mailman2-0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12.zip