aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi/admin.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* * apply Utils.websafe() to description string in admin.pyYasuhito FUTATSUKI at POEM2018-06-221-1/+1
| | | | * Use GetDescription() in HTMLFormatter.py
* enhance i18n of listinfo overviewYasuhito FUTATSUKI at POEM2018-06-221-1/+1
| | | | | * make sure list's description charset as its preferred_language's * get description as a string of charset caller wanted
* Added global _ where needed.Mark Sapiro2018-06-181-0/+1
|
* Bump copyright dates.Mark Sapiro2018-06-171-1/+1
|
* I18n for new whence reasons in admin (un)subscribe notices.Mark Sapiro2018-06-171-3/+14
|\
| * enhance i18n in admin(un)?subscribeack messagesYasuhito FUTATSUKI at POEM2018-06-161-3/+5
|/
* Implement security log.Mark Sapiro2018-06-111-0/+7
|\
| * Improved logging of security related eventsJim Popovitch2018-06-061-0/+5
|/
* Added text for screen readers only to checkboxes on admin Membership List.Mark Sapiro2017-06-211-7/+16
|
* Bumped Copyrights and fixed a bug in prior commit.Mark Sapiro2017-06-051-1/+1
|
* Defend against CGI requests with multiple values for the same parameter.Mark Sapiro2017-06-051-24/+24
|
* Change 'subscribees' to 'subscribers' on admin mass subscribe page.Mark Sapiro2017-04-251-1/+1
| | | Update i18n.
* Fixed incorrect "view more members" links at the bottom of the adminMark Sapiro2016-10-271-4/+5
| | | Membership List pages.
* Fix unicode links in multi-page admin Membership list search results.Mark Sapiro2016-09-291-2/+5
|
* Membership List letter links could be incorrectly rendered as Unicode.Mark Sapiro2016-07-191-0/+3
|
* Catch TypeError from certain defective crafted POST requests.Mark Sapiro2016-07-141-1/+13
|
* Catch MMUnknownListError in case list is removed after listing names.Mark Sapiro2016-05-171-1/+5
|
* Improved search in admin UI Membership List.Mark Sapiro2015-04-131-1/+10
|
* Implemented member address change via the admin GUI.Mark Sapiro2015-03-091-1/+109
| | | Updated mailman.pot and mailman.po files with the new strings.
* Implement a new DEFAULT_SUBSCRIBE_OR_INVITE setting to control the defaultMark Sapiro2014-12-201-1/+2
| | | | for the admin Mass Subscriptions page.
* Fixed the admin Membership List so a search string if any is not lostMark Sapiro2014-04-151-1/+2
| | | | when visiting subsequent fragments of a chunked list.
* - Added the list name to the vette log "held message approved" entry.Mark Sapiro2014-03-211-3/+3
| | | | | | | | | | (LP: 1295875) - Added the CGI module name to various "No such list" error log entries. (LP: 1295875) - Modified contrib/mmdsr to report module name if present in "No such list error log entries.
* Added 'legend' to the list of CSRF safe parameters for the admin CGI.Mark Sapiro2012-10-301-1/+2
|
* The query fragments send_unsub_notifications_to_list_owner andMark Sapiro2012-08-221-9/+7
| | | | | send_unsub_ack_to_this_batch will now assume default values if not set in mass unsubscribe URLs. (LP: #1032378)
* Added a few more safe_params to the CSRF check.Mark Sapiro2012-02-231-1/+2
|
* Added Tokio Kikuchi's Cross-site Request Forgery hardening to the admin UI.Mark Sapiro2012-02-051-6/+26
|
* A new list poster password has been implemented. This password may onlyMark Sapiro2011-04-251-0/+27
| | | | | | be used in Approved: or X-Approved: headers for pre-approving posts. Using this password for that purpose precludes compromise of a more valuable password sent in plain text email. Bug #770581.
* Added a logout link to the admindb interface and made both admin andMark Sapiro2011-04-231-0/+3
| | | | | admindb logout effective for a site admin cookie if allowed. Bug #769318.
* Refactor last change for i18n.Mark Sapiro2011-04-151-5/+7
|
* Added a report of the affected members to the warnings issued whenMark Sapiro2011-04-141-3/+5
| | | | | setting a list with digest members digestable=No and when setting a list with non-digest members nondigestable=no. Bug #761232.
* Made minor wording improvements and typo corrections in some messages.Mark Sapiro2010-09-101-3/+3
| | | | Bug #426979.
* Increased the font size of 'Welcome!'on admin overview for consistency with ↵Mark Sapiro2010-07-021-1/+1
| | | | listinfo.
* Fixed a bug which would fail to show a list on the admin and listinfoMark Sapiro2010-06-231-2/+3
| | | | overview pages if its web_page_url contained a :port. Bug # 597741.
* Added roster to the CGIs that return HTTP 401 status for an authenticationMark Sapiro2010-03-291-0/+2
| | | | failure, and return HTTP 404 status from all CGIs for an invalid list name.
* Backported several bug fixes from the 2.2 branch.Mark Sapiro2009-07-311-1/+1
|
* Updated links to Python documentation.Mark Sapiro2009-01-111-1/+2
|
* - Fixed the admin Membership List Find member function so the 'letter'Mark Sapiro2009-01-101-2/+5
| | | | | | | | links to a chunked result would still be limited to the Find member search. SF patch #1532081. - Changed scripts/driver to return a 405 status for non GET, POST, HEAD methods. SF patch #1578756.
* Apply Heiko Rommel's patch for hashlib deprecation warnings for bug 293178.Barry Warsaw2008-11-121-3/+3
| | | | I've modified the patch to improve some of the stylistic issues.
* Fixed a bug in admin.py which would result in chunked pages of the membershipMark Sapiro2008-07-301-10/+5
| | | | | | list for members whose address begins with a non-alphanumeric character to not be visible or retrievable.
* - CGI/admin.pymsapiro2007-05-081-17/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The email address which forms a part of the various CGI data keys in the admin membership list is now urllib.quote()ed. This allows changing options for and unsubbing an address which contains a double-quote character. - CGI/admindb.py Added additional test to not display "Database Updated ..." when coming from the login page. - CGI/roster.py, HTMLFormatter.py Changed to show hidden members when authorization is site or list's admin or moterator password. Patch 1587651. - Defaults.py.in, Handlers/Cleanse_DKIM.py Added a new REMOVE_DKIM_HEADERS Defaults.py/mm_cfg.py setting (default = No) to control removing dkim/domainkey signatures from posts and mail to -owner. - Handlers/Decorate.py, Handlers/Scrubber.py Changed to preserve format=flowed and delsp=yes in the Content-Type: of the body when adding header/footer and when scrubbing attachments and to remove trailing spaces from the header/footer lines so they won't be flowed. Bug 1495122. Fixed a scrubber issue where the i18n translated 'next part' separator can be garbled if the list charset is different from the message. - Queue/Runner.py. Queue/Switchboard.py Now that we have .bak queue entries for recovery, it is no longer the case that an unparseable message is lost. In this case, and in case of other exceptions when dequeueing, I added a preservation feature to move the .bak file to qfiles/shunt as a .psv file and write an appropriate log entry. It is also possible for an attempt to shunt a message to fail. One example that occurred in practice (bug 1656289) was caused by a huge message that threw a MemoryError in processing and then threw another MemoryError in the attempt to pickle the message for the shunt queue. In this case as well, I log and attempt to preserve the original queue entry by renaming.
* Fixed admin.py so null VARHELP category is handled (1573393).msapiro2006-10-111-4/+5
|
* CVE-2006-3636. Fixes for various cross-site scripting issues. Discovery bybwarsaw2006-08-301-7/+8
| | | | | Moritz Naumann and most of the repair work done by Mark Sapiro (with some additional work by Barry).
* A cleansing pass, almost entirely cosmetic. Such things as whitespacebwarsaw2005-12-301-1/+2
| | | | | | | | | | | | | normalization, removal of tabs, copyright year updates to changed files, docstring and comment fixes, and usage of True/False. I also made a pass through the NEWS file. One import was reordered, and after this commit I will move the mmdsr.readme file to README.mmdsr. From my perspective, after that we're ready to go. I will port these changes forward to the trunk.
* Improving banned subscription logic to cover all invites, subscribes, ↵msapiro2005-12-031-1/+4
| | | | address changes and confirmations of same.
* FSF office has moved to 51 Franklin Street.tkikuchi2005-08-271-1/+1
|
* admin.py:bwarsaw2004-12-281-5/+3
| | | | | | | | | | | | | | | show_results(): Slightly reworded the "Edit the public..." link to include a reference to the public text files, e.g. the welcome message. edithtml.py Grant Bowman's patch # 1085501 to allow editing the welcome message via the admin page. inthenews.ht More names ACKNOWLEDGMENTS, NEWS Updates for #1085501
* adminy_overview(): Richard Barrett's patch # 828811 to reduce listinfobwarsaw2003-12-241-5/+6
| | | | | | and admin cgi process size by not keeping the entire mlist object alive through a reference in the advertised list. Only the information used in the overview is kept.
* get_item_gui_value(): Added a new widget HeaderFilter and associated code tobwarsaw2003-12-011-2/+72
| | | | | | | | build the interface from header_filter_rules. Here you can specify a set of regular expressions to test against a message's (outer) headers. You can also specify the action to take when a rule matches. These are available on Privacy->Spam Filters page.
* change_options(): When calling ApprovedAddMember(), pass a meaningfulbwarsaw2003-11-211-2/+3
| | | | value to the whence argument.
* Backporting from the HEAD -- updated cgi'sbwarsaw2003-09-221-1/+3
|