diff options
author | Mark Sapiro <mark@msapiro.net> | 2010-03-29 13:48:11 -0700 |
---|---|---|
committer | Mark Sapiro <mark@msapiro.net> | 2010-03-29 13:48:11 -0700 |
commit | 65d46a5c05a73e1ec5e73229730b4d30cbae4647 (patch) | |
tree | 98704da13231ecf0eba407e46409d40074b884f3 /Mailman | |
parent | f6d1105683699c64e4cbbad0a4dbc13edd4177d5 (diff) | |
download | mailman2-65d46a5c05a73e1ec5e73229730b4d30cbae4647.tar.gz mailman2-65d46a5c05a73e1ec5e73229730b4d30cbae4647.tar.xz mailman2-65d46a5c05a73e1ec5e73229730b4d30cbae4647.zip |
Added roster to the CGIs that return HTTP 401 status for an authentication
failure, and return HTTP 404 status from all CGIs for an invalid list name.
Diffstat (limited to 'Mailman')
-rw-r--r-- | Mailman/Cgi/admin.py | 2 | ||||
-rw-r--r-- | Mailman/Cgi/admindb.py | 2 | ||||
-rw-r--r-- | Mailman/Cgi/confirm.py | 2 | ||||
-rw-r--r-- | Mailman/Cgi/edithtml.py | 2 | ||||
-rw-r--r-- | Mailman/Cgi/listinfo.py | 2 | ||||
-rw-r--r-- | Mailman/Cgi/options.py | 2 | ||||
-rw-r--r-- | Mailman/Cgi/private.py | 2 | ||||
-rw-r--r-- | Mailman/Cgi/rmlist.py | 2 | ||||
-rw-r--r-- | Mailman/Cgi/roster.py | 4 | ||||
-rw-r--r-- | Mailman/Cgi/subscribe.py | 2 |
10 files changed, 22 insertions, 0 deletions
diff --git a/Mailman/Cgi/admin.py b/Mailman/Cgi/admin.py index 33aec336..ef5ea1ac 100644 --- a/Mailman/Cgi/admin.py +++ b/Mailman/Cgi/admin.py @@ -71,6 +71,8 @@ def main(): except Errors.MMListError, e: # Avoid cross-site scripting attacks safelistname = Utils.websafe(listname) + # Send this with a 404 status. + print 'Status: 404 Not Found' admin_overview(_('No such list <em>%(safelistname)s</em>')) syslog('error', 'admin.py access for non-existent list: %s', listname) diff --git a/Mailman/Cgi/admindb.py b/Mailman/Cgi/admindb.py index e6d9c99e..f7654dc2 100644 --- a/Mailman/Cgi/admindb.py +++ b/Mailman/Cgi/admindb.py @@ -88,6 +88,8 @@ def main(): except Errors.MMListError, e: # Avoid cross-site scripting attacks safelistname = Utils.websafe(listname) + # Send this with a 404 status. + print 'Status: 404 Not Found' handle_no_list(_('No such list <em>%(safelistname)s</em>')) syslog('error', 'No such list "%s": %s\n', listname, e) return diff --git a/Mailman/Cgi/confirm.py b/Mailman/Cgi/confirm.py index 95b33dca..8c681732 100644 --- a/Mailman/Cgi/confirm.py +++ b/Mailman/Cgi/confirm.py @@ -61,6 +61,8 @@ def main(): safelistname = Utils.websafe(listname) bad_confirmation(doc, _('No such list <em>%(safelistname)s</em>')) doc.AddItem(MailmanLogo()) + # Send this with a 404 status. + print 'Status: 404 Not Found' print doc.Format() syslog('error', 'No such list "%s": %s', listname, e) return diff --git a/Mailman/Cgi/edithtml.py b/Mailman/Cgi/edithtml.py index 0e34a1c7..5197b986 100644 --- a/Mailman/Cgi/edithtml.py +++ b/Mailman/Cgi/edithtml.py @@ -68,6 +68,8 @@ def main(): # Avoid cross-site scripting attacks safelistname = Utils.websafe(listname) doc.AddItem(Header(2, _('No such list <em>%(safelistname)s</em>'))) + # Send this with a 404 status. + print 'Status: 404 Not Found' print doc.Format() syslog('error', 'No such list "%s": %s', listname, e) return diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py index 5b965909..3a9b52cd 100644 --- a/Mailman/Cgi/listinfo.py +++ b/Mailman/Cgi/listinfo.py @@ -49,6 +49,8 @@ def main(): except Errors.MMListError, e: # Avoid cross-site scripting attacks safelistname = Utils.websafe(listname) + # Send this with a 404 status. + print 'Status: 404 Not Found' listinfo_overview(_('No such list <em>%(safelistname)s</em>')) syslog('error', 'No such list "%s": %s', listname, e) return diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py index cb6c2fa2..454ac7a8 100644 --- a/Mailman/Cgi/options.py +++ b/Mailman/Cgi/options.py @@ -78,6 +78,8 @@ def main(): doc.addError(_('No such list <em>%(safelistname)s</em>')) doc.AddItem('<hr>') doc.AddItem(MailmanLogo()) + # Send this with a 404 status. + print 'Status: 404 Not Found' print doc.Format() syslog('error', 'No such list "%s": %s\n', listname, e) return diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py index a92265e1..00823959 100644 --- a/Mailman/Cgi/private.py +++ b/Mailman/Cgi/private.py @@ -108,6 +108,8 @@ def main(): msg = _('No such list <em>%(safelistname)s</em>') doc.SetTitle(_("Private Archive Error - %(msg)s")) doc.AddItem(Header(2, msg)) + # Send this with a 404 status. + print 'Status: 404 Not Found' print doc.Format() syslog('error', 'No such list "%s": %s\n', listname, e) return diff --git a/Mailman/Cgi/rmlist.py b/Mailman/Cgi/rmlist.py index 4628f5fd..8227063c 100644 --- a/Mailman/Cgi/rmlist.py +++ b/Mailman/Cgi/rmlist.py @@ -68,6 +68,8 @@ def main(): Bold(FontAttr(title, color='#ff0000', size='+2')))) doc.AddItem('<hr>') doc.AddItem(MailmanLogo()) + # Send this with a 404 status. + print 'Status: 404 Not Found' print doc.Format() syslog('error', 'No such list "%s": %s\n', listname, e) return diff --git a/Mailman/Cgi/roster.py b/Mailman/Cgi/roster.py index 8d06777d..d31608ff 100644 --- a/Mailman/Cgi/roster.py +++ b/Mailman/Cgi/roster.py @@ -54,6 +54,8 @@ def main(): except Errors.MMListError, e: # Avoid cross-site scripting attacks safelistname = Utils.websafe(listname) + # Send this with a 404 status. + print 'Status: 404 Not Found' error_page(_('No such list <em>%(safelistname)s</em>')) syslog('error', 'roster: no such list "%s": %s', listname, e) return @@ -99,6 +101,8 @@ def main(): realname = mlist.real_name doc = Document() doc.set_language(lang) + # Send this with a 401 status. + print 'Status: 401 Unauthorized' error_page_doc(doc, _('%(realname)s roster authentication failed.')) doc.AddItem(mlist.GetMailmanFooter()) print doc.Format() diff --git a/Mailman/Cgi/subscribe.py b/Mailman/Cgi/subscribe.py index 80019581..f7b03ac6 100644 --- a/Mailman/Cgi/subscribe.py +++ b/Mailman/Cgi/subscribe.py @@ -60,6 +60,8 @@ def main(): safelistname = Utils.websafe(listname) doc.AddItem(Header(2, _("Error"))) doc.AddItem(Bold(_('No such list <em>%(safelistname)s</em>'))) + # Send this with a 404 status. + print 'Status: 404 Not Found' print doc.Format() syslog('error', 'No such list "%s": %s\n', listname, e) return |