lp:~ralfjung-e/mailman/csrf-injective
Created by Ralf Jung and last modified
- Get this branch: bzr branch lp:~ralfjung-e/mailman/csrf-injective
Branch merges
No branches dependent on this one.
- Mark Sapiro: Approve
- Diff: 33 lines (+6/-6), 2 files modified
  - Mailman/Cgi/listinfo.py (+3/-3)
  - Mailman/Cgi/subscribe.py (+3/-3)
Branch information
Recent revisions
- 1759. By Ralf Jung <email address hidden>
Separate data in CSRF token by colon to avoid collisions.
This makes the data-to-token function injective. Previously, for example, the
list called "list1" and the IP "10.0.0.0" would have the same hash as the list
called "list" and the IP "110.0.0.0", as the strings were just concatenated.
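
The collision named in the commit message, reproduced as an added example (this is not Mailman's code and not part of the branch). The secret, the function names and the use of HMAC-SHA256 as the keyed hash are assumptions made for illustration; the length-prefixed variant goes beyond the commit and shows the general fix for fields that may themselves contain the separator.

```python
import hashlib
import hmac

# Constructed secret for the example; a real deployment uses its own.
SECRET = b"constructed-example-secret"


def _mac(data: bytes) -> str:
    # Assumption: HMAC-SHA256 stands in for whatever keyed hash is really used.
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()


def token_concat(listname: str, ip: str) -> str:
    """Fields joined with no delimiter: the field boundary is lost before hashing."""
    return _mac((listname + ip).encode())


def token_colon(listname: str, ip: str) -> str:
    """Fields joined with ':'. Unambiguous only while listname cannot contain ':';
    the last field (the IP) may contain colons, as IPv6 addresses do."""
    if ":" in listname:
        raise ValueError("list name must not contain the separator")
    return _mac((listname + ":" + ip).encode())


def token_length_prefixed(*fields: str) -> str:
    """General form: each field is preceded by its byte length, so the encoding
    is injective whatever characters the fields contain."""
    buf = b""
    for field in fields:
        data = field.encode()
        buf += len(data).to_bytes(4, "big") + data
    return _mac(buf)


def collides(token_fn) -> bool:
    """Check the pair of inputs given in the commit message."""
    return token_fn("list1", "10.0.0.0") == token_fn("list", "110.0.0.0")


if __name__ == "__main__":
    for fn in (token_concat, token_colon, token_length_prefixed):
        print(f"{fn.__name__}: collision={collides(fn)}")
```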
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp:mailman