From 0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12 Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Mon, 5 Jun 2017 20:48:34 -0700 Subject: Defend against CGI requests with multiple values for the same parameter. --- Mailman/Gui/Privacy.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'Mailman/Gui/Privacy.py') diff --git a/Mailman/Gui/Privacy.py b/Mailman/Gui/Privacy.py index 2a9cca26..f6de8a32 100644 --- a/Mailman/Gui/Privacy.py +++ b/Mailman/Gui/Privacy.py @@ -641,9 +641,9 @@ class Privacy(GUIBase): if cgidata.has_key(deltag): continue # Get the data for the current box - pattern = cgidata.getvalue(reboxtag) + pattern = cgidata.getfirst(reboxtag) try: - action = int(cgidata.getvalue(actiontag)) + action = int(cgidata.getfirst(actiontag)) # We'll get a TypeError when the actiontag is missing and the # .getvalue() call returns None. except (ValueError, TypeError): @@ -682,7 +682,7 @@ class Privacy(GUIBase): # Was this an add item? if cgidata.has_key(addtag): # Where should the new one be added? - where = cgidata.getvalue(wheretag) + where = cgidata.getfirst(wheretag) if where == 'before': # Add a new empty rule box before the current one rules.append(('', mm_cfg.DEFER, True)) -- cgit v1.2.3 From 4d3f440efd8b01cd16cb0d0644cac5fce3609b46 Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Mon, 5 Jun 2017 22:47:05 -0700 Subject: Bumped Copyrights and fixed a bug in prior commit. --- Mailman/Gui/Privacy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Mailman/Gui/Privacy.py') diff --git a/Mailman/Gui/Privacy.py b/Mailman/Gui/Privacy.py index f6de8a32..b1e1eecf 100644 --- a/Mailman/Gui/Privacy.py +++ b/Mailman/Gui/Privacy.py @@ -1,4 +1,4 @@ -# Copyright (C) 2001-2016 by the Free Software Foundation, Inc. +# Copyright (C) 2001-2017 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License -- cgit v1.2.3