diff options
| author | bwarsaw | 2001-11-30 08:00:20 +0000 |
|---|---|---|
| committer | bwarsaw | 2001-11-30 08:00:20 +0000 |
| commit | 2573211cd38281e3ff9c18be8babdc3d82371bd7 (patch) | |
| tree | 2a883a62071a0b24ae7d997803cbf4ec2b6d2f93 /Mailman/Cgi/rmlist.py | |
| parent | 85cb1112319965a77f5b6aff2d702d8740d5f855 (diff) | |
| download | mailman-2573211cd38281e3ff9c18be8babdc3d82371bd7.tar.gz mailman-2573211cd38281e3ff9c18be8babdc3d82371bd7.tar.zst mailman-2573211cd38281e3ff9c18be8babdc3d82371bd7.zip | |
Diffstat (limited to 'Mailman/Cgi/rmlist.py')
| -rw-r--r-- | Mailman/Cgi/rmlist.py | 15 |
1 files changed, 3 insertions, 12 deletions
diff --git a/Mailman/Cgi/rmlist.py b/Mailman/Cgi/rmlist.py index 87e725585..77c0b2ffe 100644 --- a/Mailman/Cgi/rmlist.py +++ b/Mailman/Cgi/rmlist.py @@ -57,7 +57,9 @@ def main(): try: mlist = MailList.MailList(listname, lock=0) except Errors.MMListError, e: - title = _('No such list <em>%(listname)s</em>') + # Avoid cross-site scripting attacks + safelistname = cgi.escape(listname) + title = _('No such list <em>%(safelistname)s</em>') doc.SetTitle(title) doc.AddItem( Header(3, @@ -72,17 +74,6 @@ def main(): i18n.set_language(mlist.preferred_language) doc.set_language(mlist.preferred_language) - if len(parts) <> 1: - # Bad URL specification - title = _('Bad URL specification') - doc.SetTitle(title) - doc.AddItem( - Header(3, Bold(FontAttr(title, color='#ff0000', size='+2')))) - doc.AddItem(mlist.GetMailmanFooter()) - print doc.Format() - syslog('error', 'Bad URL specification: %s', parts) - return - # Be sure the list owners are not sneaking around! if not mm_cfg.OWNERS_CAN_DELETE_THEIR_OWN_LISTS: title = _("You're being a sneaky list owner!") |