aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi
diff options
context:
space:
mode:
Diffstat (limited to 'Mailman/Cgi')
-rw-r--r--Mailman/Cgi/admin.py4
-rw-r--r--Mailman/Cgi/admindb.py12
-rw-r--r--Mailman/Cgi/confirm.py16
-rw-r--r--Mailman/Cgi/listinfo.py14
-rw-r--r--Mailman/Cgi/options.py41
-rw-r--r--Mailman/Cgi/private.py28
-rw-r--r--Mailman/Cgi/roster.py16
-rw-r--r--Mailman/Cgi/subscribe.py14
8 files changed, 81 insertions, 64 deletions
diff --git a/Mailman/Cgi/admin.py b/Mailman/Cgi/admin.py
index 49c6efbf..1c629c10 100644
--- a/Mailman/Cgi/admin.py
+++ b/Mailman/Cgi/admin.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998,1999,2000,2001,2002 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2003 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -1376,7 +1376,7 @@ def change_options(mlist, category, subcat, cgidata, doc):
newlang = cgidata.getvalue(user+'_language')
oldlang = mlist.getMemberLanguage(user)
- if newlang and newlang <> oldlang:
+ if Utils.IsLanguage(newlang) and newlang <> oldlang:
mlist.setMemberLanguage(user, newlang)
moderate = not not cgidata.getvalue(user+'_mod')
diff --git a/Mailman/Cgi/admindb.py b/Mailman/Cgi/admindb.py
index e6b71cda..49007fb6 100644
--- a/Mailman/Cgi/admindb.py
+++ b/Mailman/Cgi/admindb.py
@@ -1,17 +1,17 @@
-# Copyright (C) 1998,1999,2000,2001,2002 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2003 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
-#
+#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
-#
+#
# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
+# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
"""Produce and process the pending-approval items for a list."""
@@ -111,7 +111,7 @@ def main():
# Set up the results document
doc = Document()
doc.set_language(mlist.preferred_language)
-
+
# See if we're requesting all the messages for a particular sender, or if
# we want a specific held message.
sender = None
@@ -307,7 +307,7 @@ def show_pending_subs(mlist, form):
form.AddItem(table)
return num
-
+
def show_pending_unsubs(mlist, form):
# Add the pending unsubscription request section
diff --git a/Mailman/Cgi/confirm.py b/Mailman/Cgi/confirm.py
index 2348b0b6..abb0ac29 100644
--- a/Mailman/Cgi/confirm.py
+++ b/Mailman/Cgi/confirm.py
@@ -1,17 +1,17 @@
-# Copyright (C) 2001,2002 by the Free Software Foundation, Inc.
+# Copyright (C) 2001-2003 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
-#
+#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
-#
+#
# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
+# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
"""Confirm a pending action via URL."""
@@ -183,7 +183,7 @@ def ask_for_cookie(mlist, doc, extra=''):
if extra:
table.AddRow([Bold(FontAttr(extra, size='+1'))])
table.AddCellInfo(table.GetCurrentRowIndex(), 0, colspan=2)
-
+
# Add cookie entry box
table.AddRow([_("""Please enter the confirmation string
(i.e. <em>cookie</em>) that you received in your email message, in the box
@@ -313,6 +313,8 @@ def subscription_confirm(mlist, doc, cookie, cgidata):
# Some pending values may be overridden in the form. email of
# course is hardcoded. ;)
lang = cgidata.getvalue('language')
+ if not Utils.IsLanguage(lang):
+ lang = mlist.preferred_language
i18n.set_language(lang)
doc.set_language(lang)
if cgidata.has_key('digests'):
@@ -368,7 +370,7 @@ def subscription_confirm(mlist, doc, cookie, cgidata):
mlist.Save()
finally:
mlist.Unlock()
-
+
def unsubscription_cancel(mlist, doc, cookie):
@@ -456,7 +458,7 @@ def unsubscription_prompt(mlist, doc, cookie, addr):
form.AddItem(table)
doc.AddItem(form)
-
+
def addrchange_cancel(mlist, doc, cookie):
diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py
index d9e4d266..5244d75c 100644
--- a/Mailman/Cgi/listinfo.py
+++ b/Mailman/Cgi/listinfo.py
@@ -1,17 +1,17 @@
-# Copyright (C) 1998,1999,2000,2001,2002 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2003 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
-#
+#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
-#
+#
# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
+# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
"""Produce listinfo page, primary web entry-point to mailing lists.
@@ -54,7 +54,9 @@ def main():
# See if the user want to see this page in other language
cgidata = cgi.FieldStorage()
- language = cgidata.getvalue('language', mlist.preferred_language)
+ language = cgidata.getvalue('language')
+ if not Utils.IsLanguage(language):
+ language = mlist.preferred_language
i18n.set_language(language)
list_listinfo(mlist, language)
@@ -192,7 +194,7 @@ def list_listinfo(mlist, lang):
else:
displang = mlist.FormatButton('displang-button',
text = _("View this page in"))
- replacements['<mm-displang-box>'] = displang
+ replacements['<mm-displang-box>'] = displang
replacements['<mm-lang-form-start>'] = mlist.FormatFormStart('listinfo')
replacements['<mm-fullname-box>'] = mlist.FormatBox('fullname', size=30)
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py
index ef080a68..2f9e9afa 100644
--- a/Mailman/Cgi/options.py
+++ b/Mailman/Cgi/options.py
@@ -82,7 +82,9 @@ def main():
# we might have a 'language' key in the cgi data. That was an explicit
# preference to view the page in, so we should honor that here. If that's
# not available, use the list's default language.
- language = cgidata.getvalue('language', mlist.preferred_language)
+ language = cgidata.getvalue('language')
+ if not Utils.IsLanguage(language):
+ language = mlist.preferred_language
i18n.set_language(language)
doc.set_language(language)
@@ -94,7 +96,7 @@ def main():
# button UserOptions; we can use that as the descriminator.
if not cgidata.getvalue('UserOptions'):
doc.addError(_('No address given'))
- loginpage(mlist, doc, None, cgidata)
+ loginpage(mlist, doc, None, language)
print doc.Format()
return
else:
@@ -102,11 +104,18 @@ def main():
# Avoid cross-site scripting attacks
safeuser = Utils.websafe(user)
- # Sanity check the user, but be careful about leaking membership
- # information when we're using private rosters.
+ try:
+ Utils.ValidateEmail(user)
+ except Errors.EmailAddressError:
+ doc.addError(_('Illegal Email Address: %(safeuser)s'))
+ loginpage(mlist, doc, None, language)
+ print doc.Format()
+ return
+ # Sanity check the user, but only give the "no such member" error when
+ # using public rosters, otherwise, we'll leak membership information.
if not mlist.isMember(user) and mlist.private_roster == 0:
doc.addError(_('No such member: %(safeuser)s.'))
- loginpage(mlist, doc, None, cgidata)
+ loginpage(mlist, doc, None, language)
print doc.Format()
return
@@ -123,7 +132,9 @@ def main():
# And now we know the user making the request, so set things up to for the
# user's stored preferred language, overridden by any form settings for
# their new language preference.
- userlang = cgidata.getvalue('language', mlist.getMemberLanguage(user))
+ userlang = cgidata.getvalue('language')
+ if not Utils.IsLanguage(userlang):
+ userlang = mlist.getMemberLanguage(user)
doc.set_language(userlang)
i18n.set_language(userlang)
@@ -159,7 +170,7 @@ def main():
user)
doc.addError(_('The confirmation email has been sent.'),
tag='')
- loginpage(mlist, doc, user, cgidata)
+ loginpage(mlist, doc, user, language)
print doc.Format()
return
@@ -182,7 +193,7 @@ def main():
doc.addError(
_('A reminder of your password has been emailed to you.'),
tag='')
- loginpage(mlist, doc, user, cgidata)
+ loginpage(mlist, doc, user, language)
print doc.Format()
return
@@ -205,7 +216,7 @@ def main():
'Login failure with private rosters: %s',
user)
user = None
- loginpage(mlist, doc, user, cgidata)
+ loginpage(mlist, doc, user, language)
print doc.Format()
return
@@ -215,7 +226,7 @@ def main():
if cgidata.has_key('logout'):
print mlist.ZapCookie(mm_cfg.AuthUser, user)
- loginpage(mlist, doc, user, cgidata)
+ loginpage(mlist, doc, user, language)
print doc.Format()
return
@@ -229,7 +240,7 @@ def main():
if cgidata.has_key('othersubs'):
hostname = mlist.host_name
- title = _('List subscriptions for %(user)s on %(hostname)s')
+ title = _('List subscriptions for %(safeuser)s on %(hostname)s')
doc.SetTitle(title)
doc.AddItem(Header(2, title))
doc.AddItem(_('''Click on a link to visit your options page for the
@@ -302,7 +313,7 @@ def main():
The new address you requested %(newaddr)s is already a member of the
%(listname)s mailing list, however you have also requested a global change of
address. Upon confirmation, any other mailing list containing the address
-%(user)s will be changed. """)
+%(safeuser)s will be changed. """)
# Don't return
else:
options_page(
@@ -743,20 +754,20 @@ You are subscribed to this list with the case-preserved address
-def loginpage(mlist, doc, user, cgidata):
+def loginpage(mlist, doc, user, lang):
realname = mlist.real_name
actionurl = mlist.GetScriptURL('options')
if user is None:
title = _('%(realname)s list: member options login page')
extra = _('email address and ')
else:
- title = _('%(realname)s list: member options for user %(user)s')
+ safeuser = Utils.websafe(user)
+ title = _('%(realname)s list: member options for user %(safeuser)s')
obuser = Utils.ObscureEmail(user)
extra = ''
# Set up the title
doc.SetTitle(title)
# We use a subtable here so we can put a language selection box in
- lang = cgidata.getvalue('language', mlist.preferred_language)
table = Table(width='100%', border=0, cellspacing=4, cellpadding=5)
# If only one language is enabled for this mailing list, omit the choice
# buttons.
diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py
index 6b7af70a..5fa5398e 100644
--- a/Mailman/Cgi/private.py
+++ b/Mailman/Cgi/private.py
@@ -1,25 +1,26 @@
-# Copyright (C) 1998,1999,2000,2001,2002 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2003 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
-#
+#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
-#
+#
# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
+# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
"""Provide a password-interface wrapper around private archives.
"""
-import sys
import os
+import sys
import cgi
+import mimetypes
from Mailman import mm_cfg
from Mailman import Utils
@@ -43,12 +44,11 @@ def true_path(path):
return path[1:]
-def content_type(path):
- if path[-3:] == '.gz':
- path = path[:-3]
- if path[-4:] == '.txt':
- return 'text/plain'
- return 'text/html'
+
+def guess_type(url, strict):
+ if hasattr(mimetypes, 'common_types'):
+ return mimetypes.guess_type(url, strict)
+ return mimetypes.guess_type(url)
@@ -140,12 +140,14 @@ def main():
# Authorization confirmed... output the desired file
try:
- ctype = content_type(path)
+ ctype, enc = guess_type(path, strict=0)
+ if ctype is None:
+ ctype = 'text/html'
if mboxfile:
f = open(os.path.join(mlist.archive_dir() + '.mbox',
mlist.internal_name() + '.mbox'))
ctype = 'text/plain'
- elif true_filename[-3:] == '.gz':
+ elif true_filename.endswith('.gz'):
import gzip
f = gzip.open(true_filename, 'r')
else:
diff --git a/Mailman/Cgi/roster.py b/Mailman/Cgi/roster.py
index 71c06240..2dc0c98d 100644
--- a/Mailman/Cgi/roster.py
+++ b/Mailman/Cgi/roster.py
@@ -1,17 +1,17 @@
-# Copyright (C) 1998,1999,2000,2001,2002 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2003 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
-#
+#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
-#
+#
# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
+# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
"""Produce subscriber roster, using listinfo form data, roster.html template.
@@ -21,7 +21,7 @@ Takes listname in PATH_INFO.
# We don't need to lock in this script, because we're never going to change
-# data.
+# data.
import sys
import os
@@ -61,11 +61,9 @@ def main():
cgidata = cgi.FieldStorage()
# messages in form should go in selected language (if any...)
- if cgidata.has_key('language'):
- lang = cgidata['language'].value
- else:
+ lang = cgidata.getvalue('language')
+ if not Utils.IsLanguage(lang):
lang = mlist.preferred_language
-
i18n.set_language(lang)
# Perform authentication for protected rosters. If the roster isn't
diff --git a/Mailman/Cgi/subscribe.py b/Mailman/Cgi/subscribe.py
index c2dfe5cd..d0a477d7 100644
--- a/Mailman/Cgi/subscribe.py
+++ b/Mailman/Cgi/subscribe.py
@@ -1,17 +1,17 @@
-# Copyright (C) 1998,1999,2000,2001,2002 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2003 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
-#
+#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
-#
+#
# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
+# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
"""Process subscription or roster requests from listinfo form."""
@@ -50,7 +50,7 @@ def main():
doc.AddItem(Bold(_('Invalid options to CGI script')))
print doc.Format()
return
-
+
listname = parts[0].lower()
try:
mlist = MailList.MailList(listname, lock=0)
@@ -66,7 +66,9 @@ def main():
# See if the form data has a preferred language set, in which case, use it
# for the results. If not, use the list's preferred language.
cgidata = cgi.FieldStorage()
- language = cgidata.getvalue('language', mlist.preferred_language)
+ language = cgidata.getvalue('language')
+ if not Utils.IsLanguage(language):
+ language = mlist.preferred_language
i18n.set_language(language)
doc.set_language(language)
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-22 13:01:55 +0000