aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi/private.py
diff options
context:
space:
mode:
authorYasuhito FUTATSUKI <futatuki@poem.co.jp>2020-06-01 15:50:14 +0900
committerYasuhito FUTATSUKI <futatuki@poem.co.jp>2020-06-01 15:50:14 +0900
commit6a23f43f94e1cbfbbd413d83f713584815938178 (patch)
treef0f2fb5fcb4fbb121915eddb949f7536bc22d037 /Mailman/Cgi/private.py
parente2bfc83935b64208b56194d82d04c61c25f8406d (diff)
parentbc7fdf4c5fb688ae62e48e614bc285bdcd805ffc (diff)
downloadmailman2-6a23f43f94e1cbfbbd413d83f713584815938178.tar.gz
mailman2-6a23f43f94e1cbfbbd413d83f713584815938178.tar.xz
mailman2-6a23f43f94e1cbfbbd413d83f713584815938178.zip
sync with lp:mailman/2.1 (just same)
Diffstat (limited to 'Mailman/Cgi/private.py')
-rw-r--r--Mailman/Cgi/private.py10
1 files changed, 3 insertions, 7 deletions
diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py
index 731e2d19..4b6f2501 100644
--- a/Mailman/Cgi/private.py
+++ b/Mailman/Cgi/private.py
@@ -162,13 +162,9 @@ def main():
if mlist.isMember(username):
mlist.MailUserPassword(username)
elif username:
- # Not a member
- if mlist.private_roster == 0:
- # Public rosters
- safeuser = Utils.websafe(username)
- message = Bold(FontSize('+1',
- _('No such member: %(safeuser)s.'))).Format()
- else:
+ # Not a member. Don't report address in any case. It leads to
+ # Content injection. Just log if roster is not public.
+ if mlist.private_roster != 0:
syslog('mischief',
'Reminder attempt of non-member w/ private rosters: %s',
username)
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-02 01:24:39 +0000