diff options
| author | Yasuhito FUTATSUKI at POEM <futatuki@poem.co.jp> | 2018-07-11 15:52:22 +0900 |
|---|---|---|
| committer | Yasuhito FUTATSUKI at POEM <futatuki@poem.co.jp> | 2018-07-11 15:52:22 +0900 |
| commit | 85340b712dbf2056abb6c3f87a96975679dc30bb (patch) | |
| tree | dad9da9f7e39ee48fcfe9ae02ad648c503c79efe /Mailman/Utils.py | |
| parent | f6ba48ac8c20c79542108ff1bafa070bf9caee6d (diff) | |
| parent | e8869cd75753f31cbf8889ea1598356f99b50073 (diff) | |
| download | mailman2-85340b712dbf2056abb6c3f87a96975679dc30bb.tar.gz mailman2-85340b712dbf2056abb6c3f87a96975679dc30bb.tar.xz mailman2-85340b712dbf2056abb6c3f87a96975679dc30bb.zip | |
merge lp:mailman/2.1 up to rev 1791
Diffstat (limited to '')
| -rw-r--r-- | Mailman/Utils.py | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/Mailman/Utils.py b/Mailman/Utils.py index 01dfa9c0..49121e28 100644 --- a/Mailman/Utils.py +++ b/Mailman/Utils.py @@ -473,7 +473,7 @@ def check_global_password(response, siteadmin=True): _ampre = re.compile('&((?:#[0-9]+|[a-z]+);)', re.IGNORECASE) -def websafe(s): +def websafe(s, doubleescape=False): # If a user submits a form or URL with post data or query fragments # with multiple occurrences of the same variable, we can get a list # here. Be as careful as possible. @@ -488,8 +488,11 @@ def websafe(s): if isinstance(s, str): for k in mm_cfg.BROKEN_BROWSER_REPLACEMENTS: s = s.replace(k, mm_cfg.BROKEN_BROWSER_REPLACEMENTS[k]) - # Don't double escape html entities - return _ampre.sub(r'&\1', cgi.escape(s, quote=True)) + if doubleescape: + return cgi.escape(s, quote=True) + else: + # Don't double escape html entities + return _ampre.sub(r'&\1', cgi.escape(s, quote=True)) def nntpsplit(s): |