[Bug 1190802] [NEW] admin interface CSRF check fails if listname contains '+'
Mark Sapiro
mark at msapiro.net
Fri Jun 14 02:40:15 CEST 2013
Public bug reported:
The hardening of the web admin interface against CSRF attacks which was
introduced in Mailman 2.1.15 did not take into account listnames that
contain a '+' character and confuses it with a derlimiter causing the
check to fail.
** Affects: mailman
Importance: High
Assignee: Mark Sapiro (msapiro)
Status: In Progress
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1190802
Title:
admin interface CSRF check fails if listname contains '+'
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1190802/+subscriptions
More information about the Mailman-coders
mailing list