From 6efea059931995de8713f35bccc1116905175cf2 Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Thu, 14 Jul 2016 14:27:49 -0700 Subject: Catch TypeError from certain defective crafted POST requests. --- Mailman/Cgi/edithtml.py | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'Mailman/Cgi/edithtml.py') diff --git a/Mailman/Cgi/edithtml.py b/Mailman/Cgi/edithtml.py index 85632531..6eb65d6a 100644 --- a/Mailman/Cgi/edithtml.py +++ b/Mailman/Cgi/edithtml.py @@ -93,6 +93,16 @@ def main(): # Must be authenticated to get any farther cgidata = cgi.FieldStorage() + try: + cgidata.getvalue('adminpw', '') + except TypeError: + # Someone crafted a POST with a bad Content-Type:. + doc.AddItem(Header(2, _("Error"))) + doc.AddItem(Bold(_('Invalid options to CGI script.'))) + # Send this with a 400 status. + print 'Status: 400 Bad Request' + print doc.Format() + return # Editing the html for a list is limited to the list admin and site admin. if not mlist.WebAuthenticate((mm_cfg.AuthListAdmin, -- cgit v1.2.3