/[smecontribs]/rpms/mailman/contribs7/mailman-2.1-CAN-2004-1177.patch
ViewVC logotype

Annotation of /rpms/mailman/contribs7/mailman-2.1-CAN-2004-1177.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.3 - (hide annotations) (download)
Tue Nov 25 16:20:13 2008 UTC (16 years ago) by slords
Branch: MAIN
CVS Tags: HEAD
Changes since 1.2: +0 -0 lines
Restore

1 slords 1.1 --- mailman-2.1.5.orig/scripts/driver 2003-04-20 00:52:55.000000000 -0400
2     +++ /usr/src/local/mailman/mailman/scripts/driver 2004-12-27 19:38:22.000000000 -0500
3     @@ -1,6 +1,6 @@
4     # -*- python -*-
5    
6     -# Copyright (C) 1998-2003 by the Free Software Foundation, Inc.
7     +# Copyright (C) 1998-2004 by the Free Software Foundation, Inc.
8     #
9     # This program is free software; you can redistribute it and/or
10     # modify it under the terms of the GNU General Public License
11     @@ -28,7 +28,11 @@
12     # comfortable with. By setting STEALTH_MODE to 1, you disable the printing of
13     # this information to the web pages. This information is still, and always,
14     # printed in the error logs.
15     -STEALTH_MODE = 0
16     +STEALTH_MODE = 1
17     +
18     +# This will be set to the entity escaper.
19     +def websafe(s):
20     + return s
21    
22    
23    
24     @@ -53,12 +57,22 @@
25    
26    
27     def run_main():
28     + global STEALTH_MODE, websafe
29     +
30     # These will ensure that even if something between now and the
31     # creation of the real logger below fails, we can still get
32     # *something* meaningful.
33     logger = None
34     try:
35     import paths
36     + # When running in non-stealth mode, we need to escape entities,
37     + # otherwise we're vulnerable to cross-site scripting attacks.
38     + try:
39     + if not STEALTH_MODE:
40     + from Mailman.Utils import websafe
41     + except:
42     + STEALTH_MODE = 1
43     + raise
44     # Map stderr to a logger, if possible.
45     from Mailman.Logging.StampedLogger import StampedLogger
46     logger = StampedLogger('error',
47     @@ -140,11 +154,13 @@
48     a description of what happened. Thanks!
49    
50     <h4>Traceback:</h4><p><pre>'''
51     + exc_info = sys.exc_info()
52     if traceback:
53     - traceback.print_exc(file=sys.stdout)
54     + for line in traceback.format_exception(*exc_info):
55     + print websafe(line),
56     else:
57     print '[failed to import module traceback]'
58     - print '[exc: %s, var: %s]' % sys.exc_info()[0:2]
59     + print '[exc: %s, var: %s]' % [websafe(x) for x in exc_info[0:2]]
60     print '\n\n</pre></body>'
61     else:
62     print '''<p>Please inform the webmaster for this site of this
63     @@ -212,7 +228,9 @@
64     '''
65     if os:
66     for k, v in os.environ.items():
67     - print '<tr><td><tt>', k, '</tt></td><td>', v, '</td></tr>'
68     + print '<tr><td><tt>', websafe(k), \
69     + '</tt></td><td>', websafe(v), \
70     + '</td></tr>'
71     print '</table>'
72     else:
73     print '<p><hr>[failed to import module os]'

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed