diff options
-rw-r--r-- | Mailman/Cgi/options.py | 6 | ||||
-rw-r--r-- | Mailman/Cgi/roster.py | 6 | ||||
-rw-r--r-- | Mailman/Cgi/subscribe.py | 8 | ||||
-rw-r--r-- | NEWS | 4 |
4 files changed, 12 insertions, 12 deletions
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py index 6841ae64..6316af6e 100644 --- a/Mailman/Cgi/options.py +++ b/Mailman/Cgi/options.py @@ -1,4 +1,4 @@ -# Copyright (C) 1998-2010 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2011 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -434,8 +434,8 @@ address. Upon confirmation, any other mailing list containing the address options_page(mlist, doc, user, cpuser, userlang) print doc.Format() return - newpw = cgidata.getvalue('newpw') - confirmpw = cgidata.getvalue('confpw') + newpw = cgidata.getvalue('newpw', '').strip() + confirmpw = cgidata.getvalue('confpw', '').strip() if not newpw or not confirmpw: options_page(mlist, doc, user, cpuser, userlang, _('Passwords may not be blank')) diff --git a/Mailman/Cgi/roster.py b/Mailman/Cgi/roster.py index d31608ff..6260c973 100644 --- a/Mailman/Cgi/roster.py +++ b/Mailman/Cgi/roster.py @@ -1,4 +1,4 @@ -# Copyright (C) 1998-2008 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2011 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -73,8 +73,8 @@ def main(): # "admin"-only, then we try to cookie authenticate the user, and failing # that, we check roster-email and roster-pw fields for a valid password. # (also allowed: the list moderator, the list admin, and the site admin). - password = cgidata.getvalue('roster-pw', '') - addr = cgidata.getvalue('roster-email', '') + password = cgidata.getvalue('roster-pw', '').strip() + addr = cgidata.getvalue('roster-email', '').strip() list_hidden = (not mlist.WebAuthenticate((mm_cfg.AuthUser,), password, addr) and mlist.WebAuthenticate((mm_cfg.AuthListModerator, diff --git a/Mailman/Cgi/subscribe.py b/Mailman/Cgi/subscribe.py index 0d10eb19..7c49c51c 100644 --- a/Mailman/Cgi/subscribe.py +++ b/Mailman/Cgi/subscribe.py @@ -125,12 +125,12 @@ def process_form(mlist, doc, cgidata, lang): syslog('mischief', 'Attempt to self subscribe %s: %s', email, remote) results.append(_('You may not subscribe a list to itself!')) # If the user did not supply a password, generate one for him - password = cgidata.getvalue('pw') - confirmed = cgidata.getvalue('pw-conf') + password = cgidata.getvalue('pw', '').strip() + confirmed = cgidata.getvalue('pw-conf', '').strip() - if password is None and confirmed is None: + if not password and not confirmed: password = Utils.MakeRandomPassword() - elif password is None or confirmed is None: + elif not password or not confirmed: results.append(_('If you supply a password, you must confirm it.')) elif password <> confirmed: results.append(_('Your passwords did not match.')) @@ -55,8 +55,8 @@ Here is a history of user visible changes to Mailman. Bug Fixes and other patches - - Strengthened escaping of user web data by including some characters that - some older browsers misinterpret as < or >. + - Prevented setting user passwords with leading/trailing whitespace. + Bug #778088. - Mailman now sets the 'secure' flag in cookies set via https URLs. Bug #770377. |