
Contents of /rpms/mailman/contribs7/mailman-2.1-CAN-2004-1177.patch



Revision 1.3 - (show annotations) (download)
Tue Nov 25 16:20:13 2008 UTC (16 years ago) by slords
Branch: MAIN
CVS Tags: HEAD
Changes since 1.2: +0 -0 lines
Restore

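--- a/scripts/driver
+++ b/scripts/driver
@@ -1,6 +1,6 @@
 # -*- python -*-
 
-# Copyright (C) 1998-2003 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2004 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -28,7 +28,11 @@
 # comfortable with. By setting STEALTH_MODE to 1, you disable the printing of
 # this information to the web pages. This information is still, and always,
 # printed in the error logs.
-STEALTH_MODE = 0
+STEALTH_MODE = 1
+
+# This will be set to the entity escaper.
+def websafe(s):
+ return s
 
 
 
@@ -53,12 +57,22 @@
 
 
 def run_main():
+ global STEALTH_MODE, websafe
+
 # These will ensure that even if something between now and the
 # creation of the real logger below fails, we can still get
 # *something* meaningful.
 logger = None
 try:
 import paths
+ # When running in non-stealth mode, we need to escape entities,
+ # otherwise we're vulnerable to cross-site scripting attacks.
+ try:
+ if not STEALTH_MODE:
+ from Mailman.Utils import websafe
+ except:
+ STEALTH_MODE = 1
+ raise
 # Map stderr to a logger, if possible.
 from Mailman.Logging.StampedLogger import StampedLogger
 logger = StampedLogger('error',
@@ -140,11 +154,13 @@
 a description of what happened. Thanks!
 
 <h4>Traceback:</h4><p><pre>'''
+ exc_info = sys.exc_info()
 if traceback:
- traceback.print_exc(file=sys.stdout)
+ for line in traceback.format_exception(*exc_info):
+ print websafe(line),
 else:
 print '[failed to import module traceback]'
- print '[exc: %s, var: %s]' % sys.exc_info()[0:2]
+ print '[exc: %s, var: %s]' % [websafe(x) for x in exc_info[0:2]]
 print '\n\n</pre></body>'
 else:
 print '''<p>Please inform the webmaster for this site of this
@@ -212,7 +228,9 @@
 '''
 if os:
 for k, v in os.environ.items():
- print '<tr><td><tt>', k, '</tt></td><td>', v, '</td></tr>'
+ print '<tr><td><tt>', websafe(k), \
+ '</tt></td><td>', websafe(v), \
+ '</td></tr>'
 print '</table>'
 else:
 print '<p><hr>[failed to import module os]'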
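Review bot: In the `@@ -140,11 +154,13 @@` hunk the new fallback line formats with a list, `'[exc: %s, var: %s]' % [websafe(x) for x in exc_info[0:2]]`, and `%` treats a list as a single argument, so this raises `TypeError: not enough arguments for format string` whenever the `traceback` import has failed; the removed line passed a tuple slice and worked. The two values are also an exception type and instance rather than strings, so an escaper that expects a string will presumably fail on them as well. I would write `print '[exc: %s, var: %s]' % tuple([websafe(str(x)) for x in exc_info[0:2]])` so the error page still renders, escaped, on that path. The enclosing function starts and ends outside the hunk.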
