1 |
unnilennium |
1.1 |
--- mailman-2.1.5.orig/scripts/driver 2003-04-20 00:52:55.000000000 -0400 |
2 |
|
|
+++ /usr/src/local/mailman/mailman/scripts/driver 2004-12-27 19:38:22.000000000 -0500 |
3 |
|
|
@@ -1,6 +1,6 @@ |
4 |
|
|
# -*- python -*- |
5 |
|
|
|
6 |
|
|
-# Copyright (C) 1998-2003 by the Free Software Foundation, Inc. |
7 |
|
|
+# Copyright (C) 1998-2004 by the Free Software Foundation, Inc. |
8 |
|
|
# |
9 |
|
|
# This program is free software; you can redistribute it and/or |
10 |
|
|
# modify it under the terms of the GNU General Public License |
11 |
|
|
@@ -28,7 +28,11 @@ |
12 |
|
|
# comfortable with. By setting STEALTH_MODE to 1, you disable the printing of |
13 |
|
|
# this information to the web pages. This information is still, and always, |
14 |
|
|
# printed in the error logs. |
15 |
|
|
-STEALTH_MODE = 0 |
16 |
|
|
+STEALTH_MODE = 1 |
17 |
|
|
+ |
18 |
|
|
+# This will be set to the entity escaper. |
19 |
|
|
+def websafe(s): |
20 |
|
|
+ return s |
21 |
|
|
|
22 |
|
|
|
23 |
|
|
|
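Review bot: The module-level `websafe` added in this hunk is an identity function and escapes nothing, which the comment `# This will be set to the entity escaper.` does not make clear. It is only safe because `STEALTH_MODE` now defaults to 1 and `run_main()` (next hunk) rebinds the name when `STEALTH_MODE` is 0. I would say so directly, for example `# Placeholder that performs NO escaping; run_main() rebinds it to Mailman.Utils.websafe when STEALTH_MODE is 0.`, and give the stub a one-line docstring to the same effect. A short remark next to `STEALTH_MODE = 1` that this patch changes the shipped default from 0 would also help whoever next wonders why tracebacks no longer appear on the web page.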
24 |
|
|
@@ -53,12 +57,22 @@ |
25 |
|
|
|
26 |
|
|
|
27 |
|
|
def run_main(): |
28 |
|
|
+ global STEALTH_MODE, websafe |
29 |
|
|
+ |
30 |
|
|
# These will ensure that even if something between now and the |
31 |
|
|
# creation of the real logger below fails, we can still get |
32 |
|
|
# *something* meaningful. |
33 |
|
|
logger = None |
34 |
|
|
try: |
35 |
|
|
import paths |
36 |
|
|
+ # When running in non-stealth mode, we need to escape entities, |
37 |
|
|
+ # otherwise we're vulnerable to cross-site scripting attacks. |
38 |
|
|
+ try: |
39 |
|
|
+ if not STEALTH_MODE: |
40 |
|
|
+ from Mailman.Utils import websafe |
41 |
|
|
+ except: |
42 |
|
|
+ STEALTH_MODE = 1 |
43 |
|
|
+ raise |
44 |
|
|
# Map stderr to a logger, if possible. |
45 |
|
|
from Mailman.Logging.StampedLogger import StampedLogger |
46 |
|
|
logger = StampedLogger('error', |
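Review bot: The inner `except:` forces `STEALTH_MODE = 1` before re-raising, but nothing explains why, and this assignment is what keeps the failure path from printing unescaped details. Without a comment, a later cleanup could easily drop it as redundant. I would add a comment above the assignment, such as `# Fail closed: no escaper available, so keep details out of the web page.` Whether the outer handler actually consults `STEALTH_MODE` after this raise is not visible in the hunk and is worth confirming. The body of `run_main` continues outside the hunk.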
47 |
|
|
@@ -140,11 +154,13 @@ |
48 |
|
|
a description of what happened. Thanks! |
49 |
|
|
|
50 |
|
|
<h4>Traceback:</h4><p><pre>''' |
51 |
|
|
+ exc_info = sys.exc_info() |
52 |
|
|
if traceback: |
53 |
|
|
- traceback.print_exc(file=sys.stdout) |
54 |
|
|
+ for line in traceback.format_exception(*exc_info): |
55 |
|
|
+ print websafe(line), |
56 |
|
|
else: |
57 |
|
|
print '[failed to import module traceback]' |
58 |
|
|
- print '[exc: %s, var: %s]' % sys.exc_info()[0:2] |
59 |
|
|
+ print '[exc: %s, var: %s]' % [websafe(x) for x in exc_info[0:2]] |
60 |
|
|
print '\n\n</pre></body>' |
61 |
|
|
else: |
62 |
|
|
print '''<p>Please inform the webmaster for this site of this |
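Review bot: The fallback line `print '[exc: %s, var: %s]' % [websafe(x) for x in exc_info[0:2]]` passes a list, not a tuple, to `%`. The list is treated as a single argument, so the two-placeholder format raises TypeError instead of printing. The two items are also an exception class and an instance rather than strings, which an escaper built on string methods will probably reject. The real `websafe` is imported from Mailman.Utils and is not visible here, so that part is an inference. I would change the line to `print '[exc: %s, var: %s]' % tuple([websafe(str(x)) for x in exc_info[0:2]])`. This branch only runs when the traceback module failed to import, so the failure would occur inside the error reporter itself. The enclosing function starts and ends outside the hunk.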
63 |
|
|
@@ -212,7 +228,9 @@ |
64 |
|
|
''' |
65 |
|
|
if os: |
66 |
|
|
for k, v in os.environ.items(): |
67 |
|
|
- print '<tr><td><tt>', k, '</tt></td><td>', v, '</td></tr>' |
68 |
|
|
+ print '<tr><td><tt>', websafe(k), \ |
69 |
|
|
+ '</tt></td><td>', websafe(v), \ |
70 |
|
|
+ '</td></tr>' |
71 |
|
|
print '</table>' |
72 |
|
|
else: |
73 |
|
|
print '<p><hr>[failed to import module os]' |
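Review bot: Escaping `k` and `v` in the `os.environ` loop stops markup injection, but with `STEALTH_MODE` set to 0 the loop still writes the entire process environment into the response. If the driver runs under CGI, as it appears to, that includes request headers such as HTTP_COOKIE as well as server paths. The hunk does not record this remaining exposure, so I would add a comment above the loop such as `# Values are escaped, but the full environment is still disclosed when STEALTH_MODE is 0.` The enclosing function starts outside the hunk.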