diff options
42 files changed, 73 insertions, 21 deletions
diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py index b35b8988..81ff7f48 100644 --- a/Mailman/Cgi/listinfo.py +++ b/Mailman/Cgi/listinfo.py @@ -221,18 +221,21 @@ def list_listinfo(mlist, lang): (captcha_question, captcha_box, captcha_idx) = \ Utils.captcha_display(mlist, lang, mm_cfg.CAPTCHAS) pre_question = _( - '''Please answer the following question to prove that - you are not a bot:''' + """Please answer the following question to prove that + you are not a bot:""" ) replacements['<mm-captcha-ui>'] = ( """<tr><td BGCOLOR="#dddddd">%s<br>%s</td><td>%s</td></tr>""" % (pre_question, captcha_question, captcha_box)) else: - captcha_idx = "" # just to have something to include in the hash below + # just to have something to include in the hash below + captcha_idx = '' # fill form replacements['<mm-subscribe-form-start>'] += ( - '<input type="hidden" name="sub_form_token" value="%s:%s:%s">\n' - % (now, captcha_idx, Utils.sha_new(mm_cfg.SUBSCRIBE_FORM_SECRET + ":" + + '<input type="hidden" name="sub_form_token"' + ' value="%s:%s:%s">\n' + % (now, captcha_idx, + Utils.sha_new(mm_cfg.SUBSCRIBE_FORM_SECRET + ":" + now + ":" + captcha_idx + ":" + mlist.internal_name() + ":" + diff --git a/Mailman/Cgi/subscribe.py b/Mailman/Cgi/subscribe.py index 7e7ebc61..ce7940f9 100644 --- a/Mailman/Cgi/subscribe.py +++ b/Mailman/Cgi/subscribe.py @@ -168,7 +168,8 @@ def process_form(mlist, doc, cgidata, lang): # for our hash so it doesn't matter. remote1 = remote.rsplit(':', 1)[0] try: - ftime, fcaptcha_idx, fhash = cgidata.getfirst('sub_form_token', '').split(':') + ftime, fcaptcha_idx, fhash = cgidata.getfirst( + 'sub_form_token', '').split(':') then = int(ftime) except ValueError: ftime = fcaptcha_idx = fhash = '' @@ -193,8 +194,10 @@ def process_form(mlist, doc, cgidata, lang): # Check captcha if isinstance(mm_cfg.CAPTCHAS, dict): captcha_answer = cgidata.getvalue('captcha_answer', '') - if not Utils.captcha_verify(fcaptcha_idx, captcha_answer, mm_cfg.CAPTCHAS): - results.append(_('This was not the right answer to the CAPTCHA question.')) + if not Utils.captcha_verify( + fcaptcha_idx, captcha_answer, mm_cfg.CAPTCHAS): + results.append(_( + 'This was not the right answer to the CAPTCHA question.')) # Was an attempt made to subscribe the list to itself? if email == mlist.GetListEmail(): syslog('mischief', 'Attempt to self subscribe %s: %s', email, remote) diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in index 401dadc3..594674ca 100755 --- a/Mailman/Defaults.py.in +++ b/Mailman/Defaults.py.in @@ -146,8 +146,8 @@ SUBSCRIBE_FORM_MIN_TIME = seconds(5) # } # The regular expression must match the full string, i.e., it is implicitly # acting as if it had "^" in the beginning and "$" at the end. -# An 'en' key must be present and is used as fall-back if there are no questions -# for the currently set language. +# An 'en' key must be present and is used as fall-back if there are no +# questions for the currently set language. CAPTCHAS = None # Use Google reCAPTCHA to protect the subscription form from spam bots. The @@ -1207,7 +1207,7 @@ DEFAULT_DMARC_MODERATION_ACTION = 0 # with a stronger DMARC policy if such a policy would result in message # modification because dmarc_moderation_action is 1 or 2. Thus, there is # a list setting to apply dmarc_moderaction_action of 1 or 2 to messages -# From: domains with DMARC p=none. Setting this to Yes is only effective if +# From: domains with DMARC p=none. Setting this to Yes is only effective if # dmarc_quarantine_moderaction_action is also Yes. The following is the # default for this setting for new lists. DEFAULT_DMARC_NONE_MODERATION_ACTION = No @@ -1243,7 +1243,7 @@ DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL = \ # (0 to disable). DEFAULT_MEMBER_VERBOSITY_INTERVAL = 300 DEFAULT_MEMBER_VERBOSITY_THRESHOLD = 0 - + # This controls how often to clean old post time entries from the dictionary # used to implement the member verbosity feature. This is a compromise between # using resources for cleaning and allowing the dictionary to grow very large. diff --git a/Mailman/Utils.py b/Mailman/Utils.py index 9ab35a1c..36fbd1f9 100644 --- a/Mailman/Utils.py +++ b/Mailman/Utils.py @@ -1587,7 +1587,8 @@ def captcha_display(mlist, lang, captchas): idx = random.randrange(len(captchas)) question = captchas[idx][0] box_html = mlist.FormatBox('captcha_answer', size=30) - # Remember to encode the language in the index so that we can get it out again! + # Remember to encode the language in the index so that we can get it out + # again! return (websafe(question), box_html, lang + "-" + str(idx)) def captcha_verify(idx, given_answer, captchas): @@ -21,9 +21,17 @@ Here is a history of user visible changes to Mailman. does this on every web access and on sites with a very large number of lists, this can have performance implications. See the description in Defaults.py for more information. - + + - Thanks to Ralph Jung there is now the ability to add text based captchas + (aka textchas) to the listinfo subscribe form. See the documentation + for the new CAPTCHA setting in Defaults.py for how to enable this. Also + note that if you have custom listinfo.html templates, you will have to + add a <mm-captcha-ui> tag to those templates to make this work. This + feature can be used in combination with or instead of the Google + reCAPTCHA feature added in 2.1.26. + Bug Fixes and other patches - + - Fixed the confirm CGI to catch a rare TypeError on simultaneous confirmations of the same token. (LP: #1785854) @@ -61,7 +69,7 @@ Here is a history of user visible changes to Mailman. 2.1.28 (23-Jul-2018) Security - + - A content spoofing vulnerability with invalid list name messages in the web UI has been fixed. CVE-2018-13796 (LP: #1780874) @@ -400,7 +408,7 @@ Here is a history of user visible changes to Mailman. well as the user options page and the previously fixed admin pages. Thanks to Nishant Agarwala for reporting the issue. CVE-2016-6893 (LP: #1614841) - + New Features - For header_filter_rules matching, RFC 2047 encoded headers, non-encoded @@ -483,7 +491,7 @@ Here is a history of user visible changes to Mailman. - A site can now set DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL to None or the null string if it wants to avoid using this. (LP: #1578450) - + - The white space to the left of the admindb Logout link is no longer part of the link. (LP: #1573623) @@ -711,11 +719,11 @@ Here is a history of user visible changes to Mailman. and deleting the old address. (LP: #266809) i18n - + - The Russian translation has been updated by Danil Smirnov. - The Polish translation has been updated by Stefan Plewako. - + Bug fixes and other patches - A LookupError in SpamDetect on a message with RFC 2047 encoded headers @@ -954,7 +962,7 @@ Here is a history of user visible changes to Mailman. - If checking DNS for dmarc_moderation_action and DNS lookup is not available, log it. (LP: #1324541) - + - Handle missing From: header addresses for DMARC mitigation actions. (LP: #1318025) diff --git a/templates/ar/listinfo.html b/templates/ar/listinfo.html index 8a24e75c..0d2f23bc 100644 --- a/templates/ar/listinfo.html +++ b/templates/ar/listinfo.html @@ -112,6 +112,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/ast/listinfo.html b/templates/ast/listinfo.html index f451a1b1..c000dae1 100644 --- a/templates/ast/listinfo.html +++ b/templates/ast/listinfo.html @@ -104,6 +104,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></P></center> diff --git a/templates/ca/listinfo.html b/templates/ca/listinfo.html index f1a66f7c..a6c4e4ba 100644 --- a/templates/ca/listinfo.html +++ b/templates/ca/listinfo.html @@ -115,6 +115,7 @@ que es mostrin els vostres missatges?</TD> </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/cs/listinfo.html b/templates/cs/listinfo.html index 8da0066a..0fbb2819 100644 --- a/templates/cs/listinfo.html +++ b/templates/cs/listinfo.html @@ -113,6 +113,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/da/listinfo.html b/templates/da/listinfo.html index 79cf9d47..09869b2b 100644 --- a/templates/da/listinfo.html +++ b/templates/da/listinfo.html @@ -109,6 +109,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/el/listinfo.html b/templates/el/listinfo.html index 65455594..71be2f28 100755 --- a/templates/el/listinfo.html +++ b/templates/el/listinfo.html @@ -117,6 +117,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></P></center> diff --git a/templates/eo/listinfo.html b/templates/eo/listinfo.html index 6bd29d6f..6c002c17 100644 --- a/templates/eo/listinfo.html +++ b/templates/eo/listinfo.html @@ -105,6 +105,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/es/listinfo.html b/templates/es/listinfo.html index c73d9d0e..3b54a1ce 100644 --- a/templates/es/listinfo.html +++ b/templates/es/listinfo.html @@ -118,6 +118,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/et/listinfo.html b/templates/et/listinfo.html index b6967d9e..7c0ee718 100644 --- a/templates/et/listinfo.html +++ b/templates/et/listinfo.html @@ -108,6 +108,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/eu/listinfo.html b/templates/eu/listinfo.html index a6a8a769..5d41d2a8 100644 --- a/templates/eu/listinfo.html +++ b/templates/eu/listinfo.html @@ -114,6 +114,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/fa/listinfo.html b/templates/fa/listinfo.html index 80422928..45b68ac8 100644 --- a/templates/fa/listinfo.html +++ b/templates/fa/listinfo.html @@ -106,6 +106,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/fi/listinfo.html b/templates/fi/listinfo.html index a52da14c..560fc46f 100644 --- a/templates/fi/listinfo.html +++ b/templates/fi/listinfo.html @@ -121,6 +121,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/gl/listinfo.html b/templates/gl/listinfo.html index 7f65048b..aa9e0954 100644 --- a/templates/gl/listinfo.html +++ b/templates/gl/listinfo.html @@ -117,6 +117,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/he/listinfo.html b/templates/he/listinfo.html index dc5bca26..b6f21f69 100644 --- a/templates/he/listinfo.html +++ b/templates/he/listinfo.html @@ -111,6 +111,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/hr/listinfo.html b/templates/hr/listinfo.html index 37de789e..10df382f 100644 --- a/templates/hr/listinfo.html +++ b/templates/hr/listinfo.html @@ -113,6 +113,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/hu/listinfo.html b/templates/hu/listinfo.html index 4f62722f..c1b702df 100644 --- a/templates/hu/listinfo.html +++ b/templates/hu/listinfo.html @@ -112,6 +112,7 @@ <tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <td colspan="3"> <center><MM-Subscribe-Button></center> </td> diff --git a/templates/ia/listinfo.html b/templates/ia/listinfo.html index c0077505..de848cd6 100644 --- a/templates/ia/listinfo.html +++ b/templates/ia/listinfo.html @@ -104,6 +104,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/it/listinfo.html b/templates/it/listinfo.html index deb68063..51e59272 100644 --- a/templates/it/listinfo.html +++ b/templates/it/listinfo.html @@ -124,6 +124,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/ja/listinfo.html b/templates/ja/listinfo.html index 288f51cd..3aa105d7 100644 --- a/templates/ja/listinfo.html +++ b/templates/ja/listinfo.html @@ -116,6 +116,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/ko/listinfo.html b/templates/ko/listinfo.html index 13805662..6211f7b9 100644 --- a/templates/ko/listinfo.html +++ b/templates/ko/listinfo.html @@ -113,6 +113,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/lt/listinfo.html b/templates/lt/listinfo.html index fb95229f..7ed3ea49 100644 --- a/templates/lt/listinfo.html +++ b/templates/lt/listinfo.html @@ -114,6 +114,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/nl/listinfo.html b/templates/nl/listinfo.html index 65eb4f7d..ae2f2a5a 100644 --- a/templates/nl/listinfo.html +++ b/templates/nl/listinfo.html @@ -109,6 +109,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/no/listinfo.html b/templates/no/listinfo.html index 90468069..ed218fa1 100644 --- a/templates/no/listinfo.html +++ b/templates/no/listinfo.html @@ -109,6 +109,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/pl/listinfo.html b/templates/pl/listinfo.html index 457a83b2..4468c976 100644 --- a/templates/pl/listinfo.html +++ b/templates/pl/listinfo.html @@ -114,6 +114,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/pt/listinfo.html b/templates/pt/listinfo.html index 5b6e8e6f..400d38e7 100644 --- a/templates/pt/listinfo.html +++ b/templates/pt/listinfo.html @@ -115,6 +115,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/pt_BR/listinfo.html b/templates/pt_BR/listinfo.html index 026f29fd..656931cf 100644 --- a/templates/pt_BR/listinfo.html +++ b/templates/pt_BR/listinfo.html @@ -116,6 +116,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/ro/listinfo.html b/templates/ro/listinfo.html index 8fedf57c..4a549828 100644 --- a/templates/ro/listinfo.html +++ b/templates/ro/listinfo.html @@ -110,6 +110,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/ru/listinfo.html b/templates/ru/listinfo.html index 87f4b12d..8568c7af 100644 --- a/templates/ru/listinfo.html +++ b/templates/ru/listinfo.html @@ -101,6 +101,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/sk/listinfo.html b/templates/sk/listinfo.html index 0e9e2bea..b89d0a19 100644 --- a/templates/sk/listinfo.html +++ b/templates/sk/listinfo.html @@ -118,6 +118,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/sl/listinfo.html b/templates/sl/listinfo.html index a6d3108e..84c676a9 100644 --- a/templates/sl/listinfo.html +++ b/templates/sl/listinfo.html @@ -113,6 +113,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/sr/listinfo.html b/templates/sr/listinfo.html index d4f601a7..81fc6938 100644 --- a/templates/sr/listinfo.html +++ b/templates/sr/listinfo.html @@ -98,6 +98,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center> <MM-Subscribe-Button></center> diff --git a/templates/sv/listinfo.html b/templates/sv/listinfo.html index d2824096..0470d725 100644 --- a/templates/sv/listinfo.html +++ b/templates/sv/listinfo.html @@ -95,6 +95,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/tr/listinfo.html b/templates/tr/listinfo.html index 8d7fdf3a..8cbc23d4 100644 --- a/templates/tr/listinfo.html +++ b/templates/tr/listinfo.html @@ -116,6 +116,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/uk/listinfo.html b/templates/uk/listinfo.html index b881ff3a..b3aec00e 100644 --- a/templates/uk/listinfo.html +++ b/templates/uk/listinfo.html @@ -112,6 +112,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/vi/listinfo.html b/templates/vi/listinfo.html index 5b864d3e..7d28de56 100644 --- a/templates/vi/listinfo.html +++ b/templates/vi/listinfo.html @@ -103,6 +103,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/zh_CN/listinfo.html b/templates/zh_CN/listinfo.html index c329aa27..7ddb2f68 100644 --- a/templates/zh_CN/listinfo.html +++ b/templates/zh_CN/listinfo.html @@ -108,6 +108,7 @@ </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> diff --git a/templates/zh_TW/listinfo.html b/templates/zh_TW/listinfo.html index dd066425..bc36e5f0 100644 --- a/templates/zh_TW/listinfo.html +++ b/templates/zh_TW/listinfo.html @@ -101,6 +101,7 @@ HREF="mailto:<MM-Posting-Addr>"><MM-Posting-Addr></A>。 </tr> <mm-digest-question-end> <mm-recaptcha-ui> + <mm-captcha-ui> <tr> <td colspan="3"> <center><MM-Subscribe-Button></center> |