From e17a9218ddd5b614c2a02743cedc9652974af7af Mon Sep 17 00:00:00 2001
From: Mark Sapiro
Date: Wed, 3 Nov 2021 12:02:21 -0700
Subject: Fix a potentail XSS attack via the user options page.

---
 Mailman/Cgi/options.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'Mailman/Cgi/options.py')

diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py
index 60b7d9b6..3db0a172 100644
--- a/Mailman/Cgi/options.py
+++ b/Mailman/Cgi/options.py
@@ -346,6 +346,8 @@ def main():
             varhelp = qs[0]
     if varhelp:
         # Sanitize the topic name.
+        while '%' in varhelp:
+            varhelp = urllib.unquote_plus(varhelp)
         varhelp = re.sub('<.*', '', varhelp)
         topic_details(mlist, doc, user, cpuser, userlang, varhelp)
         return
-- 
cgit v1.2.3
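Review bot: The added `while '%' in varhelp:` loop never terminates when the value contains a '%' that is not a valid percent-escape (a literal `100%`, for instance), because urllib.unquote_plus returns such a string unchanged and the condition stays true; one crafted VARHELP value would then hang the CGI process. Loop until decoding reaches a fixed point instead, as below. Whether `urllib` is imported at the top of options.py is not visible in this hunk and is worth confirming. The following `re.sub('<.*', '', varhelp)` only drops text from the first '<' onward, so the durable guarantee should be HTML-escaping varhelp where topic_details renders it (Utils.websafe); that function and the rest of main() lie outside the hunk.
```python
        while '%' in varhelp:
            unquoted = urllib.unquote_plus(varhelp)
            if unquoted == varhelp:
                # No decodable escapes remain; stop rather than spin on a bare '%'.
                break
            varhelp = unquoted
        # … unchanged: re.sub('<.*', ...) and the topic_details call …
```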