aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman
diff options
context:
space:
mode:
authorMark Sapiro <mark@msapiro.net>2010-03-29 13:48:11 -0700
committerMark Sapiro <mark@msapiro.net>2010-03-29 13:48:11 -0700
commit65d46a5c05a73e1ec5e73229730b4d30cbae4647 (patch)
tree98704da13231ecf0eba407e46409d40074b884f3 /Mailman
parentf6d1105683699c64e4cbbad0a4dbc13edd4177d5 (diff)
downloadmailman2-65d46a5c05a73e1ec5e73229730b4d30cbae4647.tar.gz
mailman2-65d46a5c05a73e1ec5e73229730b4d30cbae4647.tar.xz
mailman2-65d46a5c05a73e1ec5e73229730b4d30cbae4647.zip
Added roster to the CGIs that return HTTP 401 status for an authentication
failure, and return HTTP 404 status from all CGIs for an invalid list name.
Diffstat (limited to 'Mailman')
-rw-r--r--Mailman/Cgi/admin.py2
-rw-r--r--Mailman/Cgi/admindb.py2
-rw-r--r--Mailman/Cgi/confirm.py2
-rw-r--r--Mailman/Cgi/edithtml.py2
-rw-r--r--Mailman/Cgi/listinfo.py2
-rw-r--r--Mailman/Cgi/options.py2
-rw-r--r--Mailman/Cgi/private.py2
-rw-r--r--Mailman/Cgi/rmlist.py2
-rw-r--r--Mailman/Cgi/roster.py4
-rw-r--r--Mailman/Cgi/subscribe.py2
10 files changed, 22 insertions, 0 deletions
diff --git a/Mailman/Cgi/admin.py b/Mailman/Cgi/admin.py
index 33aec336..ef5ea1ac 100644
--- a/Mailman/Cgi/admin.py
+++ b/Mailman/Cgi/admin.py
@@ -71,6 +71,8 @@ def main():
except Errors.MMListError, e:
# Avoid cross-site scripting attacks
safelistname = Utils.websafe(listname)
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
admin_overview(_('No such list <em>%(safelistname)s</em>'))
syslog('error', 'admin.py access for non-existent list: %s',
listname)
diff --git a/Mailman/Cgi/admindb.py b/Mailman/Cgi/admindb.py
index e6d9c99e..f7654dc2 100644
--- a/Mailman/Cgi/admindb.py
+++ b/Mailman/Cgi/admindb.py
@@ -88,6 +88,8 @@ def main():
except Errors.MMListError, e:
# Avoid cross-site scripting attacks
safelistname = Utils.websafe(listname)
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
handle_no_list(_('No such list <em>%(safelistname)s</em>'))
syslog('error', 'No such list "%s": %s\n', listname, e)
return
diff --git a/Mailman/Cgi/confirm.py b/Mailman/Cgi/confirm.py
index 95b33dca..8c681732 100644
--- a/Mailman/Cgi/confirm.py
+++ b/Mailman/Cgi/confirm.py
@@ -61,6 +61,8 @@ def main():
safelistname = Utils.websafe(listname)
bad_confirmation(doc, _('No such list <em>%(safelistname)s</em>'))
doc.AddItem(MailmanLogo())
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
print doc.Format()
syslog('error', 'No such list "%s": %s', listname, e)
return
diff --git a/Mailman/Cgi/edithtml.py b/Mailman/Cgi/edithtml.py
index 0e34a1c7..5197b986 100644
--- a/Mailman/Cgi/edithtml.py
+++ b/Mailman/Cgi/edithtml.py
@@ -68,6 +68,8 @@ def main():
# Avoid cross-site scripting attacks
safelistname = Utils.websafe(listname)
doc.AddItem(Header(2, _('No such list <em>%(safelistname)s</em>')))
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
print doc.Format()
syslog('error', 'No such list "%s": %s', listname, e)
return
diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py
index 5b965909..3a9b52cd 100644
--- a/Mailman/Cgi/listinfo.py
+++ b/Mailman/Cgi/listinfo.py
@@ -49,6 +49,8 @@ def main():
except Errors.MMListError, e:
# Avoid cross-site scripting attacks
safelistname = Utils.websafe(listname)
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
listinfo_overview(_('No such list <em>%(safelistname)s</em>'))
syslog('error', 'No such list "%s": %s', listname, e)
return
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py
index cb6c2fa2..454ac7a8 100644
--- a/Mailman/Cgi/options.py
+++ b/Mailman/Cgi/options.py
@@ -78,6 +78,8 @@ def main():
doc.addError(_('No such list <em>%(safelistname)s</em>'))
doc.AddItem('<hr>')
doc.AddItem(MailmanLogo())
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
print doc.Format()
syslog('error', 'No such list "%s": %s\n', listname, e)
return
diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py
index a92265e1..00823959 100644
--- a/Mailman/Cgi/private.py
+++ b/Mailman/Cgi/private.py
@@ -108,6 +108,8 @@ def main():
msg = _('No such list <em>%(safelistname)s</em>')
doc.SetTitle(_("Private Archive Error - %(msg)s"))
doc.AddItem(Header(2, msg))
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
print doc.Format()
syslog('error', 'No such list "%s": %s\n', listname, e)
return
diff --git a/Mailman/Cgi/rmlist.py b/Mailman/Cgi/rmlist.py
index 4628f5fd..8227063c 100644
--- a/Mailman/Cgi/rmlist.py
+++ b/Mailman/Cgi/rmlist.py
@@ -68,6 +68,8 @@ def main():
Bold(FontAttr(title, color='#ff0000', size='+2'))))
doc.AddItem('<hr>')
doc.AddItem(MailmanLogo())
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
print doc.Format()
syslog('error', 'No such list "%s": %s\n', listname, e)
return
diff --git a/Mailman/Cgi/roster.py b/Mailman/Cgi/roster.py
index 8d06777d..d31608ff 100644
--- a/Mailman/Cgi/roster.py
+++ b/Mailman/Cgi/roster.py
@@ -54,6 +54,8 @@ def main():
except Errors.MMListError, e:
# Avoid cross-site scripting attacks
safelistname = Utils.websafe(listname)
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
error_page(_('No such list <em>%(safelistname)s</em>'))
syslog('error', 'roster: no such list "%s": %s', listname, e)
return
@@ -99,6 +101,8 @@ def main():
realname = mlist.real_name
doc = Document()
doc.set_language(lang)
+ # Send this with a 401 status.
+ print 'Status: 401 Unauthorized'
error_page_doc(doc, _('%(realname)s roster authentication failed.'))
doc.AddItem(mlist.GetMailmanFooter())
print doc.Format()
diff --git a/Mailman/Cgi/subscribe.py b/Mailman/Cgi/subscribe.py
index 80019581..f7b03ac6 100644
--- a/Mailman/Cgi/subscribe.py
+++ b/Mailman/Cgi/subscribe.py
@@ -60,6 +60,8 @@ def main():
safelistname = Utils.websafe(listname)
doc.AddItem(Header(2, _("Error")))
doc.AddItem(Bold(_('No such list <em>%(safelistname)s</em>')))
+ # Send this with a 404 status.
+ print 'Status: 404 Not Found'
print doc.Format()
syslog('error', 'No such list "%s": %s\n', listname, e)
return