1 files changed, 18 insertions, 6 deletions

diff --git a/Mailman/Utils.py b/Mailman/Utils.py
index cd9faa41..847d1a82 100644
--- a/Mailman/Utils.py
+++ b/Mailman/Utils.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2008 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2009 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -27,9 +27,9 @@ the mailing lists, and whatever else doesn't belong elsewhere.
 from __future__ import nested_scopes
 
 import os
+import sys
 import re
 import cgi
-import sha
 import time
 import errno
 import base64
@@ -56,6 +56,16 @@ from Mailman.SafeDict import SafeDict
 from Mailman.Logging.Syslog import syslog
 
 try:
+    import hashlib
+    md5_new = hashlib.md5
+    sha_new = hashlib.sha1
+except ImportError:
+    import md5
+    import sha
+    md5_new = md5.new
+    sha_new = sha.new
+
+try:
     True, False
 except NameError:
     True = 1
@@ -256,7 +266,7 @@ def ScriptURL(target, web_page_url=None, absolute=False):
         fullpath = os.environ.get('SCRIPT_NAME', '') + \
                    os.environ.get('PATH_INFO', '')
     baseurl = urlparse.urlparse(web_page_url)[2]
-    if not absolute and fullpath.endswith(baseurl):
+    if not absolute and fullpath.startswith(baseurl):
         # Use relative addressing
         fullpath = fullpath[len(baseurl):]
         i = fullpath.find('?')
@@ -384,7 +394,7 @@ def set_global_password(pw, siteadmin=True):
     omask = os.umask(026)
     try:
         fp = open(filename, 'w')
-        fp.write(sha.new(pw).hexdigest() + '\n')
+        fp.write(sha_new(pw).hexdigest() + '\n')
         fp.close()
     finally:
         os.umask(omask)
@@ -410,7 +420,7 @@ def check_global_password(response, siteadmin=True):
     challenge = get_global_password(siteadmin)
     if challenge is None:
         return None
-    return challenge == sha.new(response).hexdigest()
+    return challenge == sha_new(response).hexdigest()
 
 
 
@@ -895,7 +905,8 @@ def oneline(s, cset):
 # Many thanks are due to Moritz Naumann for his assistance with this.
 _badwords = [
     '<i?frame',
-    '<link',
+    # Kludge to allow the specific tag that's in the options.html template.
+    '<link(?! rel="SHORTCUT ICON" href="<mm-favicon>">)',
     '<meta',
     '<script',
     r'(?:^|\W)j(?:ava)?script(?:\W|$)',
@@ -1034,3 +1045,4 @@ def suspiciousHTML(html):
         return True
     else:
         return False
+