author | Mark Sapiro <mark@msapiro.net> | 2017-03-30 12:20:45 -0700 |
---|---|---|
committer | Mark Sapiro <mark@msapiro.net> | 2017-03-30 12:20:45 -0700 |
commit | f2d4b816b39a77c32562dc8a23b1fcd0e61cc869 (patch) | |
tree | a8c5760ba45740c7c6b78922e330602b23d6c728 /Mailman | |
parent | bb0383b9174e1afb5939928539bfd9c20c8829f2 (diff) | |
Fixed unexploitable XSS attack via crafted HTTP Host: header.
Diffstat (limited to 'Mailman')
-rw-r--r-- | Mailman/Utils.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Mailman/Utils.py b/Mailman/Utils.py
index 7bae2e6e..739def1d 100644
--- a/Mailman/Utils.py
+++ b/Mailman/Utils.py
@@ -759,7 +759,7 @@ def get_domain():
 if port and host.endswith(':' + port):
 host = host[:-len(port)-1]
 if mm_cfg.VIRTUAL_HOST_OVERVIEW and host:
- return host.lower()
+ return websafe(host.lower())
 else:
 # See the note in Defaults.py concerning DEFAULT_URL
 # vs. DEFAULT_URL_HOST. |
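Review bot: The escape on the `return websafe(host.lower())` line is applied inside get_domain() rather than at the point where the value is written into HTML, so every caller now receives an HTML-encoded string. If any caller uses the result for something other than page output (a lookup key, a URL, an address) or escapes it again when rendering, a host containing `&`, `<` or `"` would come out mangled or double-encoded; the callers are not visible in this hunk, so that needs checking. Since the commit message says the value originates from the client-supplied Host: header, checking that it is a syntactically valid hostname before this branch and otherwise falling through to the `else` default would be stricter than encoding it. At minimum the line deserves a comment such as `# host is derived from the client-supplied Host: header; HTML-escape it before it reaches page output`. The body of get_domain() starts and ends outside the hunk.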