From 18f080804e368c63de499b32717d57701aaf8880 Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Tue, 4 Dec 2007 11:52:18 -0800 Subject: Mailman/Cgi/edithtml.py Mailman/Gui/General.py Mailman/Utils.py - Better detection of potentially evil HTML in GUI. Mailman/Version.py NEWS - Updates for 2.1.10b1 release. Mailman/Gui/General.py messages/mailman.pot - Added admin_member_chunksize to Gui. Two new associated messages. --- Mailman/Cgi/edithtml.py | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'Mailman/Cgi') diff --git a/Mailman/Cgi/edithtml.py b/Mailman/Cgi/edithtml.py index b5967b34..3aa8ab4e 100644 --- a/Mailman/Cgi/edithtml.py +++ b/Mailman/Cgi/edithtml.py @@ -1,4 +1,4 @@ -# Copyright (C) 1998-2006 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2007 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -159,7 +159,20 @@ def ChangeHTML(mlist, cgi_info, template_name, doc): doc.AddItem('
') return code = cgi_info['html_code'].value - code = re.sub(r'<([/]?script.*?)>', r'<\1>', code) + if Utils.suspiciousHTML(code): + doc.AddItem(Header(3, + _("""The page you saved contains suspicious HTML that could +potentially expose your users to cross-site scripting attacks. This change +has therefore been rejected. If you still want to make these changes, you +must have shell access to your Mailman server. + """))) + doc.AddItem(_('See ')) + doc.AddItem(Link( +'http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.048.htp', + _('FAQ 4.48.'))) + doc.AddItem(Header(3,_("Page Unchanged."))) + doc.AddItem('
') + return langdir = os.path.join(mlist.fullpath(), mlist.preferred_language) # Make sure the directory exists omask = os.umask(0) -- cgit v1.2.3