authorMark Sapiro <mark@msapiro.net>2017-03-30 12:20:45 -0700
committerMark Sapiro <mark@msapiro.net>2017-03-30 12:20:45 -0700
commitf2d4b816b39a77c32562dc8a23b1fcd0e61cc869 (patch)
treea8c5760ba45740c7c6b78922e330602b23d6c728 /Mailman
parentbb0383b9174e1afb5939928539bfd9c20c8829f2 (diff)
Fixed unexploitable XSS attack via crafted HTTP Host: header.
Diffstat (limited to 'Mailman')
-rw-r--r--Mailman/Utils.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/Mailman/Utils.py b/Mailman/Utils.py
index 7bae2e6e..739def1d 100644
--- a/Mailman/Utils.py
+++ b/Mailman/Utils.py
@@ -759,7 +759,7 @@ def get_domain():
if port and host.endswith(':' + port):
host = host[:-len(port)-1]
if mm_cfg.VIRTUAL_HOST_OVERVIEW and host:
- return host.lower()
+ return websafe(host.lower())
else:
# See the note in Defaults.py concerning DEFAULT_URL
# vs. DEFAULT_URL_HOST.
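Review bot: Applying `websafe()` inside `get_domain()` bakes HTML escaping into a helper that returns a hostname, so any caller that uses the value outside an HTML page (building a URL, an email header or a log line) now receives an entity-encoded host, and a caller that already escapes at output will double-encode it; the body of `get_domain()` starts before the hunk and its else branch continues after it, so I cannot see every caller path from here. Since `mm_cfg.VIRTUAL_HOST_OVERVIEW` is the gate, the safer shape is to validate the Host value rather than encode it: accept `host` only when it matches a configured virtual host (Mailman's `mm_cfg.VIRTUAL_HOSTS` table) or a strict hostname character set, and otherwise fall through to the default branch, e.g. `if mm_cfg.VIRTUAL_HOST_OVERVIEW and host and host in mm_cfg.VIRTUAL_HOSTS:` followed by the unescaped `return host.lower()`. That keeps the return value a plain hostname for every caller and closes the injection at the input boundary, where an unexpected Host header is also worth logging for detection.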