From 0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12 Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Mon, 5 Jun 2017 20:48:34 -0700 Subject: Defend against CGI requests with multiple values for the same parameter. --- Mailman/Cgi/listinfo.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Mailman/Cgi/listinfo.py') diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py index 340f0fc1..6b967b7c 100644 --- a/Mailman/Cgi/listinfo.py +++ b/Mailman/Cgi/listinfo.py @@ -59,7 +59,7 @@ def main(): # See if the user want to see this page in other language cgidata = cgi.FieldStorage() try: - language = cgidata.getvalue('language') + language = cgidata.getfirst('language') except TypeError: # Someone crafted a POST with a bad Content-Type:. doc = Document() -- cgit v1.2.3