diff options
| author | bwarsaw <> | 2003-12-13 16:27:42 +0000 |
|---|---|---|
| committer | bwarsaw <> | 2003-12-13 16:27:42 +0000 |
| commit | e4e38ef99ec8c747dfe2cf60b60b6271301a3244 (patch) | |
| tree | 454586431aea30ab51a36c365fb0c1ac246ef16c /Mailman/Gui/GUIBase.py | |
| parent | 4f6536f779a1142e0f0487e2285a659219f41a10 (diff) | |
| download | mailman2-e4e38ef99ec8c747dfe2cf60b60b6271301a3244.tar.gz mailman2-e4e38ef99ec8c747dfe2cf60b60b6271301a3244.tar.xz mailman2-e4e38ef99ec8c747dfe2cf60b60b6271301a3244.zip | |
handleForm(): Close some cross-site scripting holes found by Dirk
Mueller.
Diffstat (limited to 'Mailman/Gui/GUIBase.py')
| -rw-r--r-- | Mailman/Gui/GUIBase.py | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/Mailman/Gui/GUIBase.py b/Mailman/Gui/GUIBase.py index 8e9171d6..a5437009 100644 --- a/Mailman/Gui/GUIBase.py +++ b/Mailman/Gui/GUIBase.py @@ -1,4 +1,4 @@ -# Copyright (C) 2002 by the Free Software Foundation, Inc. +# Copyright (C) 2002-2003 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -140,11 +140,11 @@ class GUIBase: elif not cgidata.has_key(property): continue elif isinstance(cgidata[property], ListType): - val = [x.value for x in cgidata[property]] + val = [Utils.websafe(x.value) for x in cgidata[property]] else: - val = cgidata[property].value + val = Utils.websafe(cgidata[property].value) # Coerce the value to the expected type, raising exceptions if the - # value is invalid + # value is invalid. try: val = self._getValidValue(mlist, property, wtype, val) except ValueError: |