diff options
| author | Mark Sapiro <mark@msapiro.net> | 2008-06-30 08:32:26 -0700 |
|---|---|---|
| committer | Mark Sapiro <mark@msapiro.net> | 2008-06-30 08:32:26 -0700 |
| commit | 3f53fd904700c5878733d39bec5aac89070257f5 (patch) | |
| tree | c5d3827444c7c78e8f17d1bb52aefe2c56a84270 /Mailman/MailList.py | |
| parent | 262a617078d67cde8c30624272fa4ebefe2e572f (diff) | |
| download | mailman2-3f53fd904700c5878733d39bec5aac89070257f5.tar.gz mailman2-3f53fd904700c5878733d39bec5aac89070257f5.tar.xz mailman2-3f53fd904700c5878733d39bec5aac89070257f5.zip | |
- Bumped version to 2.1.11.
- Changed MailList.Create() to check that list name contains only characters
that match the new mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS.
- Changed MTA.Utils.makealiases() to escape a few characters in the list name
in the pipe command.
Diffstat (limited to '')
| -rw-r--r-- | Mailman/MailList.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Mailman/MailList.py b/Mailman/MailList.py index 7cd2c5cb..ac2d1baf 100644 --- a/Mailman/MailList.py +++ b/Mailman/MailList.py @@ -475,6 +475,12 @@ class MailList(HTMLFormatter, Deliverer, ListAdmin, assert name == name.lower(), 'List name must be all lower case.' if Utils.list_exists(name): raise Errors.MMListAlreadyExistsError, name + # Problems and potential attacks can occur if the list name in the + # pipe to the wrapper in an MTA alias or other delivery process + # contains shell special characters so allow only defined characters + # (default = '[-+_.=a-z0-9]'). + if len(re.sub(mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS, '', name)) > 0: + raise Errors.BadListNameError, name # Validate what will be the list's posting address. If that's # invalid, we don't want to create the mailing list. The hostname # part doesn't really matter, since that better already be valid. |