aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--Mailman/Bouncers/DSN.py28
-rw-r--r--Mailman/Cgi/options.py5
-rw-r--r--Mailman/Cgi/private.py2
-rwxr-xr-xMailman/Defaults.py.in4
4 files changed, 8 insertions, 31 deletions
diff --git a/Mailman/Bouncers/DSN.py b/Mailman/Bouncers/DSN.py
index b316c696..06edc5b0 100644
--- a/Mailman/Bouncers/DSN.py
+++ b/Mailman/Bouncers/DSN.py
@@ -35,7 +35,7 @@ except NameError:
-def check(msg):
+def process(msg):
# Iterate over each message/delivery-status subpart
addrs = []
for part in typed_subpart_iterator(msg, 'message', 'delivery-status'):
@@ -86,29 +86,3 @@ def check(msg):
realname, a = parseaddr(a)
rtnaddrs[a] = True
return rtnaddrs.keys()
-
-
-
-def process(msg):
- # We've seen some fairly bogus DSNs, allegedly from postfix that are
- # multipart/mixed with 3 subparts - a text/plain postfix like part, a
- # message/delivery-status part and a message/rfc822 part with the original
- # message. Deal with it as follows.
- if (msg.is_multipart() and len(msg.get_payload()) == 3 and
- msg.get_payload()[1].get_content_type() == 'message/delivery-status'):
- return check(msg.get_payload()[1])
- # A DSN has been seen wrapped with a "legal disclaimer" by an outgoing MTA
- # in a multipart/mixed outer part.
- if msg.is_multipart() and msg.get_content_subtype() == 'mixed':
- msg = msg.get_payload()[0]
- # The above will suffice if the original message 'parts' were wrapped with
- # the disclaimer added, but the original DSN can be wrapped as a
- # message/rfc822 part. We need to test that too.
- if msg.is_multipart() and msg.get_content_type() == 'message/rfc822':
- msg = msg.get_payload()[0]
- # The report-type parameter should be "delivery-status", but it seems that
- # some DSN generating MTAs don't include this on the Content-Type: header,
- # so let's relax the test a bit.
- if not msg.is_multipart() or msg.get_content_subtype() <> 'report':
- return None
- return check(msg)
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py
index 3a3b7841..641ec134 100644
--- a/Mailman/Cgi/options.py
+++ b/Mailman/Cgi/options.py
@@ -144,7 +144,7 @@ def main():
doc.set_language(language)
if lenparts < 2:
- user = cgidata.getfirst('email')
+ user = cgidata.getfirst('email', '').strip()
if not user:
# If we're coming from the listinfo page and we left the email
# address field blank, it's not an error. Likewise if we're
@@ -161,11 +161,12 @@ def main():
# If a user submits a form or URL with post data or query fragments
# with multiple occurrences of the same variable, we can get a list
# here. Be as careful as possible.
+ # This is no longer required because of getfirst() above, but leave it.
if isinstance(user, list) or isinstance(user, tuple):
if len(user) == 0:
user = ''
else:
- user = user[-1]
+ user = user[-1].strip()
# Avoid cross-site scripting attacks
safeuser = Utils.websafe(user)
diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py
index 7112c6c4..731e2d19 100644
--- a/Mailman/Cgi/private.py
+++ b/Mailman/Cgi/private.py
@@ -119,7 +119,7 @@ def main():
cgidata = cgi.FieldStorage()
try:
- username = cgidata.getfirst('username', '')
+ username = cgidata.getfirst('username', '').strip()
except TypeError:
# Someone crafted a POST with a bad Content-Type:.
doc.AddItem(Header(2, _("Error")))
diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in
index fabd95bd..3350f278 100755
--- a/Mailman/Defaults.py.in
+++ b/Mailman/Defaults.py.in
@@ -1171,7 +1171,9 @@ DEFAULT_DMARC_QUARANTINE_MODERATION_ACTION = Yes
# Default action for posts whose From: address domain has a DMARC policy of
# reject or quarantine. See DEFAULT_FROM_IS_LIST below. Whatever is set as
-# the default here precludes the list owner from setting a lower value.
+# the default here precludes the list owner from setting a lower value, however
+# an existing list won't be changed until the first time "Submit Your Changes"
+# is pressed on the list's Privacy options... -> Sender filters page.
# 0 = Accept
# 1 = Munge From
# 2 = Wrap Message