Bugs item #1879338, was opened at 2008-01-25 08:00
Message generated for change (Comment added) made by jidanni
You can respond by visiting:
https://sourceforge.net/tracker/?funcÞtail&atid0103&aid79338&group_id3

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Web/CGI
Group: 2.1 beta
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: jidanni (jidanni)
Assigned to: Nobody/Anonymous (nobody)
Summary: catch invalid URLs

Initial Comment:
One finds one can use URLs like
http://lists.example.org/admin.cgi/zzz-example.org/zzz/add/vvv/dddd
and still visit the administration pages as if one typed in a correct
URL.

Somewhere in Mailman, something is not checking the URL beyond a
certain length or segment.

You might say "so what?", but if you allow these to work, soon all
kinds of people's typos will end up in documents as being the URL to
use to do various tasks, just because they happened to work that day.

(Yes, the above example does not bypass password checks.)

----------------------------------------------------------------------
Comment By: jidanni (jidanni)
Date: 2008-02-05 23:20

Message:
Logged In: YES
user_id71011
Originator: YES

http://www.python.org/cgi-bin/faqw-mm.py?req=show&fileúq04.057.htp is an
example of a evil looseness.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?funcÞtail&atid0103&aid79338&group_id3

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupmailman-coders @
categoriespython
postedFeb 5, '08 at 3:20p
activeFeb 5, '08 at 3:20p
posts1
users1
websitelist.org

1 user in discussion

SourceForge.net: 1 post

People

Translate

site design / logo © 2021 Grokbase