| author | tkikuchi | 2006-04-04 23:57:42 +0000 |
|---|---|---|
| committer | tkikuchi | 2006-04-04 23:57:42 +0000 |
| commit | d2690b029f12f7d1a69269bc4b875715a418b160 (patch) | |
| tree | 5d4e23dbb1f3f444491fddc4b8bb718040c2a61f /Mailman/Cgi/private.py | |
| parent | dc21c189476a36df8306a50359b1312e3c7b321c (diff) | |
Diffstat (limited to 'Mailman/Cgi/private.py')
| -rw-r--r-- | Mailman/Cgi/private.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py
index 35b38dea7..866084187 100644
--- a/Mailman/Cgi/private.py
+++ b/Mailman/Cgi/private.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2005 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2006 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -148,9 +148,10 @@ def main():
 # page don't work.
 if true_filename.endswith('/index.html') and parts[-1] <> 'index.html':
 action += SLASH
+ # Escape web input parameter to avoid cross-site scripting.
 print Utils.maketext(
 'private.html',
- {'action' : action,
+ {'action' : Utils.websafe(action),
 'realname': mlist.real_name,
 'message' : message,
 }, mlist=mlist) |
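Review bot: In the dict passed to `Utils.maketext` in the second hunk, only `action` is wrapped in `Utils.websafe`; `message` and `mlist.real_name` still reach `private.html` unescaped. The hunk does not show how `message` is built, because `main()` starts above it, so it is worth confirming that it never carries request-derived text such as a path or username. If it can, escape it at the same output site with `'message' : Utils.websafe(message),`. If `message` intentionally contains markup, a short comment saying so next to the dict would explain why it is exempt. The form action presumably lands inside an HTML attribute, so also confirm that `Utils.websafe` escapes quote characters, not just `<`, `>` and `&`.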
