Re: [Mailman-Developers] Fw: [ham] Mailman: cross-site scripting bug

2003-01-25 Thread Barry A. Warsaw
Tokio Kikuchi found the bug and issued a patch. I updated the patch to be a bit more thorough. Please try this out and see if it fixes the problem without introducing any other bugs. I have a studio session today so if there are no problems over the next 8 or so hours, I'll issue a security pat

[Mailman-Developers] Re: [ mailman-Patches-674553 ] patch for options.py cross site scripting bug

2003-01-25 Thread Tokio Kikuchi
Barry, +if not mlist.isMember(user): +if mlist.private_roster: +safeuser = _('undisclosed') This is not a good idea because it will disclose that the input email address is not a member. -def loginpage(mlist, doc, user, cgidata): +def loginpage(ml
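Review bot: In the `+if not mlist.isMember(user):` branch, `safeuser = _('undisclosed')` is assigned only for non-members on a list with `private_roster` set, so the value shown depends on the membership check and a private roster can be probed one address at a time. Choose the displayed value without consulting `isMember`, so that the output for a given input is the same whether or not the address is subscribed. The `loginpage` signature change is cut off in this excerpt, so its call sites cannot be checked from here.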