aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi/listinfo.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Separate data in CSRF token by colon to avoid collisions.Ralf Jung2018-06-031-3/+3
| | | | | | This makes the data-to-token function injective. Previously, for example, the list called "list1" and the IP "10.0.0.0" would have the same hash as the list called "list" and the IP "110.0.0.0", as the strings were just concatenated.
* Internationalize the noscript note added to reCAPTCHA.Mark Sapiro2018-05-261-2/+3
|
* Add <noscript> note to listinfo reCAPTCHA that JavaScript is required.Mark Sapiro2018-05-051-0/+1
|
* It's not necessary to replace _ with - in language codes for reCAPTCHA.Mark Sapiro2018-02-031-3/+1
|
* Added the ability to add reCAPTCHA to the listinfo subscribe form.Mark Sapiro2018-01-291-1/+14
|\
| * Allow the list subscription form to be protected from spam bots usingDavid Siebörger2018-01-291-0/+10
|/ | | | reCAPTCHA.
* Bumped Copyrights and fixed a bug in prior commit.Mark Sapiro2017-06-051-1/+1
|
* Defend against CGI requests with multiple values for the same parameter.Mark Sapiro2017-06-051-1/+1
|
* Catch TypeError from certain defective crafted POST requests.Mark Sapiro2016-07-141-1/+13
|
* Catch MMUnknownListError in case list is removed after listing names.Mark Sapiro2016-05-171-2/+6
|
* Improved identification of remote clients coming via a proxy server.Mark Sapiro2015-06-231-3/+4
|\
| * Support for HTTP_X_FORWARDED_FOR and HTTP_FORWARDED_FOR (RFC 7239) Jim Popovitch2015-06-231-3/+4
|/
* If SUBSCRIBE_FORM_SECRET is enabled and a user's network has a loadMark Sapiro2015-04-231-4/+14
| | | | | | balancer or similar in use the POSTing IP might not exactly match the GETting IP. This is now accounted for by not requiring the last octet (16 bits for ipV6) to match.
* - Added the list name to the vette log "held message approved" entry.Mark Sapiro2014-03-211-2/+2
| | | | | | | | | | (LP: 1295875) - Added the CGI module name to various "No such list" error log entries. (LP: 1295875) - Modified contrib/mmdsr to report module name if present in "No such list error log entries.
* Implement SUBSCRIBE_FORM_SECRET to mitigate bot subscribes. (LP: 1082746)Mark Sapiro2012-11-241-1/+15
|
* Two potential XSS vulnerabilities have been identified and fixed.Mark Sapiro2010-09-091-2/+2
|
* Fixed a bug which would fail to show a list on the admin and listinfoMark Sapiro2010-06-231-2/+3
| | | | overview pages if its web_page_url contained a :port. Bug # 597741.
* Added roster to the CGIs that return HTTP 401 status for an authenticationMark Sapiro2010-03-291-0/+2
| | | | failure, and return HTTP 404 status from all CGIs for an invalid list name.
* Backported several bug fixes from the 2.2 branch.Mark Sapiro2009-07-311-3/+4
|
* FSF office has moved to 51 Franklin Street.tkikuchi2005-08-271-1/+1
|
* listinfo_overview(): Richard Barrett's patch # 828811 to reducebwarsaw2003-12-241-5/+6
| | | | | | listinfo and admin cgi process size by not keeping the entire mlist object alive through a reference in the advertised list. Only the information used in the overview is kept.
* Backporting from the HEAD -- updated cgi'sbwarsaw2003-09-221-1/+1
|
* Backporting from the trunk.bwarsaw2003-02-081-6/+8
|
* This commit was manufactured by cvs2svn to create branch2003-01-021-0/+206
'Release_2_1-maint'.
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-25 20:13:06 +0000