Defend against CGI requests with multiple values for the same parameter.

author: Mark Sapiro <mark@msapiro.net> 2017-06-05 20:48:34 -0700
committer: Mark Sapiro <mark@msapiro.net> 2017-06-05 20:48:34 -0700
commit: 0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12 (patch)
tree: f7743c3b5fc245e214bc94da3266bd16f9d664e2 /Mailman/Gui
parent: 845dc52970be426af2a766be4609a8bef2bd1c05 (diff)
download: mailman2-0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12.tar.gz
mailman2-0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12.tar.xz
mailman2-0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12.zip
2 files changed, 9 insertions, 9 deletions
diff --git a/Mailman/Gui/Privacy.py b/Mailman/Gui/Privacy.py
index 2a9cca26..f6de8a32 100644
--- a/Mailman/Gui/Privacy.py
+++ b/Mailman/Gui/Privacy.py
@@ -641,9 +641,9 @@ class Privacy(GUIBase):
             if cgidata.has_key(deltag):
                 continue
             # Get the data for the current box
-            pattern = cgidata.getvalue(reboxtag)
+            pattern = cgidata.getfirst(reboxtag)
             try:
-                action  = int(cgidata.getvalue(actiontag))
+                action  = int(cgidata.getfirst(actiontag))
                 # We'll get a TypeError when the actiontag is missing and the
                 # .getvalue() call returns None.
             except (ValueError, TypeError):
@@ -682,7 +682,7 @@ class Privacy(GUIBase):
             # Was this an add item?
             if cgidata.has_key(addtag):
                 # Where should the new one be added?
-                where = cgidata.getvalue(wheretag)
+                where = cgidata.getfirst(wheretag)
                 if where == 'before':
                     # Add a new empty rule box before the current one
                     rules.append(('', mm_cfg.DEFER, True))
diff --git a/Mailman/Gui/Topics.py b/Mailman/Gui/Topics.py
index ec60dbda..642059e5 100644
--- a/Mailman/Gui/Topics.py
+++ b/Mailman/Gui/Topics.py
@@ -114,9 +114,9 @@ class Topics(GUIBase):
             if cgidata.has_key(deltag):
                 continue
             # Get the data for the current box
-            name  = cgidata.getvalue(boxtag)
-            pattern = cgidata.getvalue(reboxtag)
-            desc  = cgidata.getvalue(desctag)
+            name  = cgidata.getfirst(boxtag)
+            pattern = cgidata.getfirst(reboxtag)
+            desc  = cgidata.getfirst(desctag)
             if name is None:
                 # We came to the end of the boxes
                 break
@@ -138,7 +138,7 @@ class Topics(GUIBase):
             # Was this an add item?
             if cgidata.has_key(addtag):
                 # Where should the new one be added?
-                where = cgidata.getvalue(wheretag)
+                where = cgidata.getfirst(wheretag)
                 if where == 'before':
                     # Add a new empty topics box before the current one
                     topics.append(('', '', '', True))
@@ -154,14 +154,14 @@ class Topics(GUIBase):
         # options.
         mlist.topics = topics
         try:
-            mlist.topics_enabled = int(cgidata.getvalue(
+            mlist.topics_enabled = int(cgidata.getfirst(
                 'topics_enabled',
                 mlist.topics_enabled))
         except ValueError:
             # BAW: should really print a warning
             pass
         try:
-            mlist.topics_bodylines_limit = int(cgidata.getvalue(
+            mlist.topics_bodylines_limit = int(cgidata.getfirst(
                 'topics_bodylines_limit',
                 mlist.topics_bodylines_limit))
         except ValueError:
author	Mark Sapiro <mark@msapiro.net>	2017-06-05 20:48:34 -0700
committer	Mark Sapiro <mark@msapiro.net>	2017-06-05 20:48:34 -0700
commit	0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12 (patch)
tree	f7743c3b5fc245e214bc94da3266bd16f9d664e2 /Mailman/Gui
parent	845dc52970be426af2a766be4609a8bef2bd1c05 (diff)
download	mailman2-0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12.tar.gz mailman2-0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12.tar.xz mailman2-0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12.zip