diff options
| author | Mark Sapiro <mark@msapiro.net> | 2014-09-21 19:06:41 -0700 |
|---|---|---|
| committer | Mark Sapiro <mark@msapiro.net> | 2014-09-21 19:06:41 -0700 |
| commit | 851430b1cfbee6d92e4e1c0f110e4e66a1609d55 (patch) | |
| tree | 9d360959bf390ad1c24f2958fcef0794c9b8aa53 /Mailman/Cgi | |
| parent | eb37da776d7a77c575b6452e60982b465a3f38ba (diff) | |
| download | mailman2-851430b1cfbee6d92e4e1c0f110e4e66a1609d55.tar.gz mailman2-851430b1cfbee6d92e4e1c0f110e4e66a1609d55.tar.xz mailman2-851430b1cfbee6d92e4e1c0f110e4e66a1609d55.zip | |
The options CGI now rejects all but HTTP GET and POST requests.
Diffstat (limited to 'Mailman/Cgi')
| -rw-r--r-- | Mailman/Cgi/options.py | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py index 853a3922..c1c08659 100644 --- a/Mailman/Cgi/options.py +++ b/Mailman/Cgi/options.py @@ -52,6 +52,18 @@ def main(): doc = Document() doc.set_language(mm_cfg.DEFAULT_SERVER_LANGUAGE) + method = Utils.GetRequestMethod() + if method.lower() not in ('get', 'post'): + title = _('CGI script error') + doc.SetTitle(title) + doc.AddItem(Header(2, title)) + doc.addError(_('Invalid request method: %(method)s')) + doc.AddItem('<hr>') + doc.AddItem(MailmanLogo()) + print 'Status: 405 Method Not Allowed' + print doc.Format() + return + parts = Utils.GetPathPieces() lenparts = parts and len(parts) if not parts or lenparts < 1: |