Fixes for CVEs 2021-42096 and 2021-42097.

author: Mark Sapiro <mark@msapiro.net> 2021-10-18 16:56:42 -0700
committer: Mark Sapiro <mark@msapiro.net> 2021-10-18 16:56:42 -0700
commit: 5ea7ee4e955d96177e461b0a1f2c2be04df12ea8 (patch)
tree: ade915f7858d465fa9d837d385b1b4db5704d949 /Mailman/SecurityManager.py
parent: e5cc9a25db87802b300834a890d0c5e274deaf6d (diff)
download: mailman2-5ea7ee4e955d96177e461b0a1f2c2be04df12ea8.tar.gz
mailman2-5ea7ee4e955d96177e461b0a1f2c2be04df12ea8.tar.xz
mailman2-5ea7ee4e955d96177e461b0a1f2c2be04df12ea8.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/Mailman/SecurityManager.py b/Mailman/SecurityManager.py
index 9b7f03f3..e9e5ce53 100644
--- a/Mailman/SecurityManager.py
+++ b/Mailman/SecurityManager.py
@@ -104,6 +104,7 @@ class SecurityManager:
             if user is None:
                 # A bad system error
                 raise TypeError, 'No user supplied for AuthUser context'
+            user = Utils.UnobscureEmail(urllib.unquote(user))
             secret = self.getMemberPassword(user)
             userdata = urllib.quote(Utils.ObscureEmail(user), safe='')
             key += 'user+%s' % userdata
author	Mark Sapiro <mark@msapiro.net>	2021-10-18 16:56:42 -0700
committer	Mark Sapiro <mark@msapiro.net>	2021-10-18 16:56:42 -0700
commit	5ea7ee4e955d96177e461b0a1f2c2be04df12ea8 (patch)
tree	ade915f7858d465fa9d837d385b1b4db5704d949 /Mailman/SecurityManager.py
parent	e5cc9a25db87802b300834a890d0c5e274deaf6d (diff)
download	mailman2-5ea7ee4e955d96177e461b0a1f2c2be04df12ea8.tar.gz mailman2-5ea7ee4e955d96177e461b0a1f2c2be04df12ea8.tar.xz mailman2-5ea7ee4e955d96177e461b0a1f2c2be04df12ea8.zip