-rw-r--r--Mailman/Cgi/private.py5
1 files changed, 3 insertions, 2 deletions
diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py
index 35b38dea..86608418 100644
--- a/Mailman/Cgi/private.py
+++ b/Mailman/Cgi/private.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2005 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2006 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -148,9 +148,10 @@ def main():
# page don't work.
if true_filename.endswith('/index.html') and parts[-1] <> 'index.html':
action += SLASH
+ # Escape web input parameter to avoid cross-site scripting.
print Utils.maketext(
'private.html',
- {'action' : action,
+ {'action' : Utils.websafe(action),
'realname': mlist.real_name,
'message' : message,
}, mlist=mlist)
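Review bot: Only `action` is escaped, while `message` two lines below is still passed to private.html unescaped; the hunk does not show where `message` comes from (main() starts before the hunk), so if it can ever carry request-derived text it needs the same treatment, `'message' : Utils.websafe(message),`. The same question applies to `mlist.real_name`, which is configuration rather than request data, so it is presumably lower risk, but the rule is easier to audit if every template value on this call site is escaped at one place rather than field by field. Consider extending the added comment to record that decision, e.g. `# Escape every web-derived value handed to the template (XSS).`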