diff options
| author | bwarsaw | 1999-11-29 16:40:53 +0000 |
|---|---|---|
| committer | bwarsaw | 1999-11-29 16:40:53 +0000 |
| commit | 2073882abbbcc1a7d5dbbe7f71d27cfaef35d4ce (patch) | |
| tree | 6c026252a88e9b7dc211727a96e1cc373ca5b98c /Mailman/Cgi/admin.py | |
| parent | 02d53b2445aff540d0f856f099c20b160ea659ba (diff) | |
| download | mailman-2073882abbbcc1a7d5dbbe7f71d27cfaef35d4ce.tar.gz mailman-2073882abbbcc1a7d5dbbe7f71d27cfaef35d4ce.tar.zst mailman-2073882abbbcc1a7d5dbbe7f71d27cfaef35d4ce.zip | |
Diffstat (limited to 'Mailman/Cgi/admin.py')
| -rw-r--r-- | Mailman/Cgi/admin.py | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/Mailman/Cgi/admin.py b/Mailman/Cgi/admin.py index 8e6d563ec..df2f57838 100644 --- a/Mailman/Cgi/admin.py +++ b/Mailman/Cgi/admin.py @@ -811,6 +811,17 @@ def ChangeOptions(mlist, category, cgi_info, document): val = cgi_info[property].value value = GetValidValue(mlist, property, kind, val, deps) if getattr(mlist, property) != value: + # TBD: Ensure that mlist.real_name differs only in letter + # case. Otherwise a security hole can potentially be opened + # when using an external archiver. This seems ad-hoc and + # could use a more general security policy. + if property == 'real_name' and \ + string.lower(value) <> string.lower(mlist._internal_name): + # then don't install this value. + document.AddItem("""<p><b>real_name</b> attribute not + changed! It must differ from the list's name by case + only.<p>""") + continue setattr(mlist, property, value) dirty = 1 # |