~mailman-coders/mailman/2.1

« back to all changes in this revision

Viewing changes to Mailman/Cgi/options.py

  • Committer: Mark Sapiro
  • Date: 2023-05-22 19:58:09 UTC
  • Revision ID: mark@msapiro.net-20230522195809-xy3cggdhr0uf5nnj
Improved fix for LP: #2017813.

Show diffs side-by-side

added added

removed removed

Lines of Context:
194
194
            doc.addError(msgd, tag='')
195
195
            user = None
196
196
        # We get here with a non-None user in the case of a non-member with
197
 
        # private rosters.  user should be None in every case.
198
 
        user = None
 
197
        # private rosters.  This creates a possible membership leak, but we
 
198
        # fix that a different way. See LP: #2017813.
199
199
        loginpage(mlist, doc, user, language)
200
200
        print doc.Format()
201
201
        return
313
313
                syslog('mischief',
314
314
                       'Login failure with private rosters: %s from %s',
315
315
                       user, remote)
316
 
                user = None
 
316
                # Don't clear user here. See LP: #2017813.
317
317
            # give an HTTP 401 for authentication failure
318
318
            if mlist.private_roster == 0:
319
319
                # Only add error with public rosters lp: #2015416