aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi/admin.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Added a few more safe_params to the CSRF check.Mark Sapiro2012-02-231-1/+2
|
* Added Tokio Kikuchi's Cross-site Request Forgery hardening to the admin UI.Mark Sapiro2012-02-051-6/+26
|
* A new list poster password has been implemented. This password may onlyMark Sapiro2011-04-251-0/+27
| | | | | | be used in Approved: or X-Approved: headers for pre-approving posts. Using this password for that purpose precludes compromise of a more valuable password sent in plain text email. Bug #770581.
* Added a logout link to the admindb interface and made both admin andMark Sapiro2011-04-231-0/+3
| | | | | admindb logout effective for a site admin cookie if allowed. Bug #769318.
* Refactor last change for i18n.Mark Sapiro2011-04-151-5/+7
|
* Added a report of the affected members to the warnings issued whenMark Sapiro2011-04-141-3/+5
| | | | | setting a list with digest members digestable=No and when setting a list with non-digest members nondigestable=no. Bug #761232.
* Made minor wording improvements and typo corrections in some messages.Mark Sapiro2010-09-101-3/+3
| | | | Bug #426979.
* Increased the font size of 'Welcome!'on admin overview for consistency with ↵Mark Sapiro2010-07-021-1/+1
| | | | listinfo.
* Fixed a bug which would fail to show a list on the admin and listinfoMark Sapiro2010-06-231-2/+3
| | | | overview pages if its web_page_url contained a :port. Bug # 597741.
* Added roster to the CGIs that return HTTP 401 status for an authenticationMark Sapiro2010-03-291-0/+2
| | | | failure, and return HTTP 404 status from all CGIs for an invalid list name.
* Backported several bug fixes from the 2.2 branch.Mark Sapiro2009-07-311-1/+1
|
* Updated links to Python documentation.Mark Sapiro2009-01-111-1/+2
|
* - Fixed the admin Membership List Find member function so the 'letter'Mark Sapiro2009-01-101-2/+5
| | | | | | | | links to a chunked result would still be limited to the Find member search. SF patch #1532081. - Changed scripts/driver to return a 405 status for non GET, POST, HEAD methods. SF patch #1578756.
* Apply Heiko Rommel's patch for hashlib deprecation warnings for bug 293178.Barry Warsaw2008-11-121-3/+3
| | | | I've modified the patch to improve some of the stylistic issues.
* Fixed a bug in admin.py which would result in chunked pages of the membershipMark Sapiro2008-07-301-10/+5
| | | | | | list for members whose address begins with a non-alphanumeric character to not be visible or retrievable.
* - CGI/admin.pymsapiro2007-05-081-17/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The email address which forms a part of the various CGI data keys in the admin membership list is now urllib.quote()ed. This allows changing options for and unsubbing an address which contains a double-quote character. - CGI/admindb.py Added additional test to not display "Database Updated ..." when coming from the login page. - CGI/roster.py, HTMLFormatter.py Changed to show hidden members when authorization is site or list's admin or moterator password. Patch 1587651. - Defaults.py.in, Handlers/Cleanse_DKIM.py Added a new REMOVE_DKIM_HEADERS Defaults.py/mm_cfg.py setting (default = No) to control removing dkim/domainkey signatures from posts and mail to -owner. - Handlers/Decorate.py, Handlers/Scrubber.py Changed to preserve format=flowed and delsp=yes in the Content-Type: of the body when adding header/footer and when scrubbing attachments and to remove trailing spaces from the header/footer lines so they won't be flowed. Bug 1495122. Fixed a scrubber issue where the i18n translated 'next part' separator can be garbled if the list charset is different from the message. - Queue/Runner.py. Queue/Switchboard.py Now that we have .bak queue entries for recovery, it is no longer the case that an unparseable message is lost. In this case, and in case of other exceptions when dequeueing, I added a preservation feature to move the .bak file to qfiles/shunt as a .psv file and write an appropriate log entry. It is also possible for an attempt to shunt a message to fail. One example that occurred in practice (bug 1656289) was caused by a huge message that threw a MemoryError in processing and then threw another MemoryError in the attempt to pickle the message for the shunt queue. In this case as well, I log and attempt to preserve the original queue entry by renaming.
* Fixed admin.py so null VARHELP category is handled (1573393).msapiro2006-10-111-4/+5
|
* CVE-2006-3636. Fixes for various cross-site scripting issues. Discovery bybwarsaw2006-08-301-7/+8
| | | | | Moritz Naumann and most of the repair work done by Mark Sapiro (with some additional work by Barry).
* A cleansing pass, almost entirely cosmetic. Such things as whitespacebwarsaw2005-12-301-1/+2
| | | | | | | | | | | | | normalization, removal of tabs, copyright year updates to changed files, docstring and comment fixes, and usage of True/False. I also made a pass through the NEWS file. One import was reordered, and after this commit I will move the mmdsr.readme file to README.mmdsr. From my perspective, after that we're ready to go. I will port these changes forward to the trunk.
* Improving banned subscription logic to cover all invites, subscribes, ↵msapiro2005-12-031-1/+4
| | | | address changes and confirmations of same.
* FSF office has moved to 51 Franklin Street.tkikuchi2005-08-271-1/+1
|
* admin.py:bwarsaw2004-12-281-5/+3
| | | | | | | | | | | | | | | show_results(): Slightly reworded the "Edit the public..." link to include a reference to the public text files, e.g. the welcome message. edithtml.py Grant Bowman's patch # 1085501 to allow editing the welcome message via the admin page. inthenews.ht More names ACKNOWLEDGMENTS, NEWS Updates for #1085501
* adminy_overview(): Richard Barrett's patch # 828811 to reduce listinfobwarsaw2003-12-241-5/+6
| | | | | | and admin cgi process size by not keeping the entire mlist object alive through a reference in the advertised list. Only the information used in the overview is kept.
* get_item_gui_value(): Added a new widget HeaderFilter and associated code tobwarsaw2003-12-011-2/+72
| | | | | | | | build the interface from header_filter_rules. Here you can specify a set of regular expressions to test against a message's (outer) headers. You can also specify the action to take when a rule matches. These are available on Privacy->Spam Filters page.
* change_options(): When calling ApprovedAddMember(), pass a meaningfulbwarsaw2003-11-211-2/+3
| | | | value to the whence argument.
* Backporting from the HEAD -- updated cgi'sbwarsaw2003-09-221-1/+3
|
* Backporting from trunkbwarsaw2003-03-311-1/+1
|
* Backporting from the trunk.bwarsaw2003-02-081-2/+2
|
* This commit was manufactured by cvs2svn to create branch2003-01-021-0/+1407
'Release_2_1-maint'.