1 |
slords |
1.1 |
--- mailman-2.1.5.1/Mailman/Cgi/admindb.py.CVE-2006-3636 2004-04-30 18:50:42.000000000 +0200 |
2 |
|
|
+++ mailman-2.1.5.1/Mailman/Cgi/admindb.py 2006-08-23 12:24:06.000000000 +0200 |
3 |
|
|
@@ -310,7 +310,7 @@ |
4 |
|
|
' ' + _('Permanently ban from this list') |
5 |
|
|
# While the address may be a unicode, it must be ascii |
6 |
|
|
paddr = addr.encode('us-ascii', 'replace') |
7 |
|
|
- table.AddRow(['%s<br><em>%s</em>' % (paddr, fullname), |
8 |
|
|
+ table.AddRow(['%s<br><em>%s</em>' % (paddr, Utils.websafe(fullname)), |
9 |
|
|
radio, |
10 |
|
|
TextBox('comment-%d' % id, size=40) |
11 |
|
|
]) |
12 |
|
|
@@ -354,7 +354,7 @@ |
13 |
|
|
mlist.HandleRequest(id, mm_cfg.DISCARD) |
14 |
|
|
continue |
15 |
|
|
num += 1 |
16 |
|
|
- table.AddRow(['%s<br><em>%s</em>' % (addr, fullname), |
17 |
|
|
+ table.AddRow(['%s<br><em>%s</em>' % (addr, Utils.websafe(fullname)), |
18 |
|
|
RadioButtonArray(id, (_('Defer'), |
19 |
|
|
_('Approve'), |
20 |
|
|
_('Reject'), |
21 |
|
|
--- mailman-2.1.5.1/Mailman/Cgi/create.py.CVE-2006-3636 2004-02-29 18:07:51.000000000 +0100 |
22 |
|
|
+++ mailman-2.1.5.1/Mailman/Cgi/create.py 2006-08-23 12:24:06.000000000 +0200 |
23 |
|
|
@@ -187,15 +187,24 @@ |
24 |
|
|
mlist.Create(listname, owner, pw, langs, emailhost) |
25 |
|
|
finally: |
26 |
|
|
os.umask(oldmask) |
27 |
|
|
- except Errors.EmailAddressError, s: |
28 |
|
|
+ except Errors.EmailAddressError, e: |
29 |
|
|
+ if e.args: |
30 |
|
|
+ s = Utils.websafe(e.args[0]) |
31 |
|
|
+ else: |
32 |
|
|
+ s = Utils.websafe(owner) |
33 |
|
|
request_creation(doc, cgidata, |
34 |
|
|
_('Bad owner email address: %(s)s')) |
35 |
|
|
return |
36 |
|
|
except Errors.MMListAlreadyExistsError: |
37 |
|
|
+ # MAS: List already exists so we don't need to websafe it. |
38 |
|
|
request_creation(doc, cgidata, |
39 |
|
|
_('List already exists: %(listname)s')) |
40 |
|
|
return |
41 |
|
|
- except Errors.BadListNameError, s: |
42 |
|
|
+ except Errors.BadListNameError, e: |
43 |
|
|
+ if e.args: |
44 |
|
|
+ s = Utils.websafe(e.args[0]) |
45 |
|
|
+ else: |
46 |
|
|
+ s = Utils.websafe(listname) |
47 |
|
|
request_creation(doc, cgidata, |
48 |
|
|
_('Illegal list name: %(s)s')) |
49 |
|
|
return |
50 |
|
|
@@ -318,15 +327,17 @@ |
51 |
|
|
ftable.AddRow([Center(Italic(_('List Identity')))]) |
52 |
|
|
ftable.AddCellInfo(ftable.GetCurrentRowIndex(), 0, colspan=2) |
53 |
|
|
|
54 |
|
|
- safelistname = Utils.websafe(cgidata.getvalue('listname', '')) |
55 |
|
|
+ listname = cgidata.getvalue('listname', '') |
56 |
|
|
+ # MAS: Don't websafe twice. TextBox does it. |
57 |
|
|
ftable.AddRow([Label(_('Name of list:')), |
58 |
|
|
- TextBox('listname', safelistname)]) |
59 |
|
|
+ TextBox('listname', listname)]) |
60 |
|
|
ftable.AddCellInfo(ftable.GetCurrentRowIndex(), 0, bgcolor=GREY) |
61 |
|
|
ftable.AddCellInfo(ftable.GetCurrentRowIndex(), 1, bgcolor=GREY) |
62 |
|
|
|
63 |
|
|
- safeowner = Utils.websafe(cgidata.getvalue('owner', '')) |
64 |
|
|
+ owner = cgidata.getvalue('owner', '') |
65 |
|
|
+ # MAS: Don't websafe twice. TextBox does it. |
66 |
|
|
ftable.AddRow([Label(_('Initial list owner address:')), |
67 |
|
|
- TextBox('owner', safeowner)]) |
68 |
|
|
+ TextBox('owner', owner)]) |
69 |
|
|
ftable.AddCellInfo(ftable.GetCurrentRowIndex(), 0, bgcolor=GREY) |
70 |
|
|
ftable.AddCellInfo(ftable.GetCurrentRowIndex(), 1, bgcolor=GREY) |
71 |
|
|
|
72 |
|
|
--- mailman-2.1.5.1/Mailman/Cgi/options.py.CVE-2006-3636 2004-02-29 17:45:27.000000000 +0100 |
73 |
|
|
+++ mailman-2.1.5.1/Mailman/Cgi/options.py 2006-08-23 12:24:06.000000000 +0200 |
74 |
|
|
@@ -652,7 +652,7 @@ |
75 |
|
|
|
76 |
|
|
fullname = Utils.uncanonstr(mlist.getMemberName(user), userlang) |
77 |
|
|
if fullname: |
78 |
|
|
- presentable_user += ', %s' % fullname |
79 |
|
|
+ presentable_user += ', %s' % Utils.websafe(fullname) |
80 |
|
|
|
81 |
|
|
# Do replacements |
82 |
|
|
replacements = mlist.GetStandardReplacements(userlang) |
83 |
|
|
--- mailman-2.1.5.1/Mailman/Cgi/edithtml.py.CVE-2006-3636 2002-05-22 05:00:18.000000000 +0200 |
84 |
|
|
+++ mailman-2.1.5.1/Mailman/Cgi/edithtml.py 2006-08-23 12:24:06.000000000 +0200 |
85 |
|
|
@@ -140,7 +140,8 @@ |
86 |
|
|
doc.AddItem('<p>') |
87 |
|
|
doc.AddItem('<hr>') |
88 |
|
|
form = Form(mlist.GetScriptURL('edithtml') + '/' + template_name) |
89 |
|
|
- text = Utils.websafe(Utils.maketext(template_name, raw=1, mlist=mlist)) |
90 |
|
|
+ text = Utils.maketext(template_name, raw=1, mlist=mlist) |
91 |
|
|
+ # MAS: Don't websafe twice. TextArea does it. |
92 |
|
|
form.AddItem(TextArea('html_code', text, rows=40, cols=75)) |
93 |
|
|
form.AddItem('<p>' + _('When you are done making changes...')) |
94 |
|
|
form.AddItem(SubmitButton('submit', _('Submit Changes'))) |
95 |
|
|
--- mailman-2.1.5.1/Mailman/Cgi/admin.py.CVE-2006-3636 2003-12-24 18:27:45.000000000 +0100 |
96 |
|
|
+++ mailman-2.1.5.1/Mailman/Cgi/admin.py 2006-08-23 12:25:48.000000000 +0200 |
97 |
|
|
@@ -1319,6 +1319,7 @@ |
98 |
|
|
# we display. Try uploading a file with 10k names -- it takes a while |
99 |
|
|
# to render the status page. |
100 |
|
|
for entry in entries: |
101 |
|
|
+ safeentry = Utils.websafe(entry) |
102 |
|
|
fullname, address = parseaddr(entry) |
103 |
|
|
# Canonicalize the full name |
104 |
|
|
fullname = Utils.canonstr(fullname, mlist.preferred_language) |
105 |
|
|
@@ -1336,17 +1337,17 @@ |
106 |
|
|
send_admin_notif, invitation, |
107 |
|
|
whence='admin mass sub') |
108 |
|
|
except Errors.MMAlreadyAMember: |
109 |
|
|
- subscribe_errors.append((entry, _('Already a member'))) |
110 |
|
|
+ subscribe_errors.append((safeentry, _('Already a member'))) |
111 |
|
|
except Errors.MMBadEmailError: |
112 |
|
|
if userdesc.address == '': |
113 |
|
|
subscribe_errors.append((_('<blank line>'), |
114 |
|
|
_('Bad/Invalid email address'))) |
115 |
|
|
else: |
116 |
|
|
- subscribe_errors.append((entry, |
117 |
|
|
+ subscribe_errors.append((safeentry, |
118 |
|
|
_('Bad/Invalid email address'))) |
119 |
|
|
except Errors.MMHostileAddress: |
120 |
|
|
subscribe_errors.append( |
121 |
|
|
- (entry, _('Hostile address (illegal characters)'))) |
122 |
|
|
+ (safeentry, _('Hostile address (illegal characters)'))) |
123 |
|
|
else: |
124 |
|
|
member = Utils.uncanonstr(formataddr((fullname, address))) |
125 |
|
|
subscribe_success.append(Utils.websafe(member)) |
126 |
|
|
@@ -1386,9 +1387,9 @@ |
127 |
|
|
addr, whence='admin mass unsub', |
128 |
|
|
admin_notif=send_unsub_notifications, |
129 |
|
|
userack=userack) |
130 |
|
|
- unsubscribe_success.append(addr) |
131 |
|
|
+ unsubscribe_success.append(Utils.websafe(addr)) |
132 |
|
|
except Errors.NotAMemberError: |
133 |
|
|
- unsubscribe_errors.append(addr) |
134 |
|
|
+ unsubscribe_errors.append(Utils.websafe(addr)) |
135 |
|
|
if unsubscribe_success: |
136 |
|
|
doc.AddItem(Header(5, _('Successfully Unsubscribed:'))) |
137 |
|
|
doc.AddItem(UnorderedList(*unsubscribe_success)) |
138 |
|
|
--- mailman-2.1.5.1/Mailman/Utils.py.CVE-2006-3636 2003-12-26 23:50:04.000000000 +0100 |
139 |
|
|
+++ mailman-2.1.5.1/Mailman/Utils.py 2006-08-23 12:24:06.000000000 +0200 |
140 |
|
|
@@ -201,7 +201,7 @@ |
141 |
|
|
_badchars = re.compile(r'[][()<>|;^,/\200-\377]') |
142 |
|
|
|
143 |
|
|
def ValidateEmail(s): |
144 |
|
|
- """Verify that the an email address isn't grossly evil.""" |
145 |
|
|
+ """Verify that an email address isn't grossly evil.""" |
146 |
|
|
# Pretty minimal, cheesy check. We could do better... |
147 |
|
|
if not s or s.count(' ') > 0: |
148 |
|
|
raise Errors.MMBadEmailError |
149 |
|
|
--- mailman-2.1.5.1/Mailman/htmlformat.py.CVE-2006-3636 2003-09-22 04:58:13.000000000 +0200 |
150 |
|
|
+++ mailman-2.1.5.1/Mailman/htmlformat.py 2006-08-23 12:24:06.000000000 +0200 |
151 |
|
|
@@ -448,7 +448,11 @@ |
152 |
|
|
|
153 |
|
|
class TextBox(InputObj): |
154 |
|
|
def __init__(self, name, value='', size=mm_cfg.TEXTFIELDWIDTH): |
155 |
|
|
- InputObj.__init__(self, name, "TEXT", value, checked=0, size=size) |
156 |
|
|
+ if isinstance(value, str): |
157 |
|
|
+ safevalue = Utils.websafe(value) |
158 |
|
|
+ else: |
159 |
|
|
+ safevalue = value |
160 |
|
|
+ InputObj.__init__(self, name, "TEXT", safevalue, checked=0, size=size) |
161 |
|
|
|
162 |
|
|
class Hidden(InputObj): |
163 |
|
|
def __init__(self, name, value=''): |
164 |
|
|
@@ -457,8 +461,12 @@ |
165 |
|
|
class TextArea: |
166 |
|
|
def __init__(self, name, text='', rows=None, cols=None, wrap='soft', |
167 |
|
|
readonly=0): |
168 |
|
|
+ if isinstance(text, str): |
169 |
|
|
+ safetext = Utils.websafe(text) |
170 |
|
|
+ else: |
171 |
|
|
+ safetext = text |
172 |
|
|
self.name = name |
173 |
|
|
- self.text = text |
174 |
|
|
+ self.text = safetext |
175 |
|
|
self.rows = rows |
176 |
|
|
self.cols = cols |
177 |
|
|
self.wrap = wrap |
178 |
|
|
--- mailman-2.1.5.1/Mailman/Gui/General.py.CVE-2006-3636 2004-02-17 20:27:46.000000000 +0100 |
179 |
|
|
+++ mailman-2.1.5.1/Mailman/Gui/General.py 2006-08-23 12:24:06.000000000 +0200 |
180 |
|
|
@@ -433,13 +433,13 @@ |
181 |
|
|
GUIBase._setValue(self, mlist, property, val, doc) |
182 |
|
|
|
183 |
|
|
def _escape(self, property, value): |
184 |
|
|
- # The 'info' property allows HTML, but lets sanitize it to avoid XSS |
185 |
|
|
+ # The 'info' property allows HTML, but let's sanitize it to avoid XSS |
186 |
|
|
# exploits. Everything else should be fully escaped. |
187 |
|
|
if property <> 'info': |
188 |
|
|
return GUIBase._escape(self, property, value) |
189 |
|
|
# Sanitize <script> and </script> tags but nothing else. Not the best |
190 |
|
|
# solution, but expedient. |
191 |
|
|
- return re.sub(r'<([/]?script.*?)>', r'<\1>', value) |
192 |
|
|
+ return re.sub(r'(?i)<([/]?script.*?)>', r'<\1>', value) |
193 |
|
|
|
194 |
|
|
def _postValidate(self, mlist, doc): |
195 |
|
|
if not mlist.reply_to_address.strip() and \ |
196 |
|
|
--- mailman-2.1.5.1/Mailman/HTMLFormatter.py.CVE-2006-3636 2003-09-29 17:01:22.000000000 +0200 |
197 |
|
|
+++ mailman-2.1.5.1/Mailman/HTMLFormatter.py 2006-08-23 12:24:06.000000000 +0200 |
198 |
|
|
@@ -332,8 +332,12 @@ |
199 |
|
|
return '</FORM>' |
200 |
|
|
|
201 |
|
|
def FormatBox(self, name, size=20, value=''): |
202 |
|
|
+ if isinstance(value, str): |
203 |
|
|
+ safevalue = Utils.websafe(value) |
204 |
|
|
+ else: |
205 |
|
|
+ safevalue = value |
206 |
|
|
return '<INPUT type="Text" name="%s" size="%d" value="%s">' % ( |
207 |
|
|
- name, size, value) |
208 |
|
|
+ name, size, safevalue) |
209 |
|
|
|
210 |
|
|
def FormatSecureBox(self, name): |
211 |
|
|
return '<INPUT type="Password" name="%s" size="15">' % name |