aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi
diff options
context:
space:
mode:
Diffstat (limited to 'Mailman/Cgi')
-rw-r--r--Mailman/Cgi/options.py5
-rw-r--r--Mailman/Cgi/private.py10
2 files changed, 7 insertions, 8 deletions
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py
index 641ec134..1037f8f9 100644
--- a/Mailman/Cgi/options.py
+++ b/Mailman/Cgi/options.py
@@ -173,7 +173,7 @@ def main():
try:
Utils.ValidateEmail(user)
except Errors.EmailAddressError:
- doc.addError(_('Illegal Email Address: %(safeuser)s'))
+ doc.addError(_('Illegal Email Address'))
loginpage(mlist, doc, None, language)
print doc.Format()
return
@@ -206,6 +206,7 @@ def main():
# Are we processing an unsubscription request from the login screen?
msgc = _('If you are a list member, a confirmation email has been sent.')
+ msgb = _('You already have a subscription pending confirmation')
msga = _("""If you are a list member, your unsubscription request has been
forwarded to the list administrator for approval.""")
if cgidata.has_key('login-unsub'):
@@ -228,6 +229,8 @@ def main():
mlist.ConfirmUnsubscription(user, userlang, remote=ip)
doc.addError(msgc, tag='')
mlist.Save()
+ except Errors.MMAlreadyPending:
+ doc.addError(msgb)
finally:
mlist.Unlock()
else:
diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py
index 731e2d19..4b6f2501 100644
--- a/Mailman/Cgi/private.py
+++ b/Mailman/Cgi/private.py
@@ -162,13 +162,9 @@ def main():
if mlist.isMember(username):
mlist.MailUserPassword(username)
elif username:
- # Not a member
- if mlist.private_roster == 0:
- # Public rosters
- safeuser = Utils.websafe(username)
- message = Bold(FontSize('+1',
- _('No such member: %(safeuser)s.'))).Format()
- else:
+ # Not a member. Don't report address in any case. It leads to
+ # Content injection. Just log if roster is not public.
+ if mlist.private_roster != 0:
syslog('mischief',
'Reminder attempt of non-member w/ private rosters: %s',
username)
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-30 10:00:58 +0000