From 0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12 Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Mon, 5 Jun 2017 20:48:34 -0700 Subject: Defend against CGI requests with multiple values for the same parameter. --- Mailman/Cgi/listinfo.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Mailman/Cgi/listinfo.py') diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py index 340f0fc1..6b967b7c 100644 --- a/Mailman/Cgi/listinfo.py +++ b/Mailman/Cgi/listinfo.py @@ -59,7 +59,7 @@ def main(): # See if the user want to see this page in other language cgidata = cgi.FieldStorage() try: - language = cgidata.getvalue('language') + language = cgidata.getfirst('language') except TypeError: # Someone crafted a POST with a bad Content-Type:. doc = Document() -- cgit v1.2.3 From 4d3f440efd8b01cd16cb0d0644cac5fce3609b46 Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Mon, 5 Jun 2017 22:47:05 -0700 Subject: Bumped Copyrights and fixed a bug in prior commit. --- Mailman/Cgi/listinfo.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Mailman/Cgi/listinfo.py') diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py index 6b967b7c..b8704486 100644 --- a/Mailman/Cgi/listinfo.py +++ b/Mailman/Cgi/listinfo.py @@ -1,4 +1,4 @@ -# Copyright (C) 1998-2016 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2017 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License -- cgit v1.2.3