path: root/Mailman/Cgi/options.py
| Date | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 2022-07-09 | Fixed a possible list membership leak via the user options CGI. (HEAD, upstream/2.1, master) | Mark Sapiro | 1 | -30/+30 |
| 2022-02-22 | Improve fix for lp:1961762 in prior commit. | Mark Sapiro | 1 | -1/+2 |
| 2022-02-22 | Avoid 500 Internal Server Error for non-member with private roster. | Mark Sapiro | 1 | -2/+2 |
| 2021-11-23 | Prior commit was incomplete. | Mark Sapiro | 1 | -4/+5 |
| 2021-11-21 | Avoid NotAMemberError in CSRF check from user options page. | Mark Sapiro | 1 | -11/+11 |
| 2021-11-03 | Fix a potential XSS attack via the user options page. | Mark Sapiro | 1 | -0/+2 |
| 2021-10-18 | Fixes for CVEs 2021-42096 and 2021-42097. | Mark Sapiro | 1 | -13/+12 |
| 2020-05-18 | Extend REFUSE_SECOND_PENDING to unsubscription as well. | Mark Sapiro | 1 | -0/+3 |
| 2020-05-05 | Fixed options login content injection vulnerability. | Mark Sapiro | 1 | -1/+1 |
| 2019-03-06 | Strip leading/trailing spaces from login email for private and options login. | Mark Sapiro | 1 | -2/+3 |
| 2018-12-30 | Corrected and augmented some security log messages. | Mark Sapiro | 1 | -1/+1 |
| 2018-06-18 | Added global _ where needed. | Mark Sapiro | 1 | -0/+1 |
| 2018-06-16 | enhance i18n in admin(un)?subscribeack messages | Yasuhito FUTATSUKI at POEM | 1 | -1/+2 |
| 2018-06-10 | Changes based on feedback from Mark. | Jim Popovitch | 1 | -4/+6 |
| 2018-02-04 | Fix XSS and info leak in options CGI - CVE-2018-5950 | Mark Sapiro | 1 | -15/+17 |
| 2017-06-07 | Reverted another getfirst in the multi-value CGI defence. | Mark Sapiro | 1 | -1/+1 |
| 2017-06-05 | Bumped Copyrights and fixed a bug in prior commit. | Mark Sapiro | 1 | -1/+1 |
| 2017-06-05 | Defend against CGI requests with multiple values for the same parameter. | Mark Sapiro | 1 | -22/+22 |
| 2017-06-04 | Fixed a regression in Cgi/options.py. | Mark Sapiro | 1 | -12/+12 |
| 2016-08-26 | Fixes for CVE-2016-6893 and more. | Mark Sapiro | 1 | -1/+27 |
| 2016-07-14 | Catch TypeError from certain defective crafted POST requests. | Mark Sapiro | 1 | -2/+12 |
| 2015-12-06 | Submitting the user options form for a user who was asynchronously | Mark Sapiro | 1 | -0/+8 |
| 2015-09-16 | Defended against a user submitting URLs with query fragments or POST | Mark Sapiro | 1 | -0/+8 |
| 2015-07-20 | Don't show digest options on user's options page for non-digestable lists. | Mark Sapiro | 1 | -2/+8 |
| 2015-06-23 | Support for HTTP_X_FORWARDED_FOR and HTTP_FORWARDED_FOR (RFC 7239) | Jim Popovitch | 1 | -3/+10 |
| 2015-01-22 | A number of changes from the unofficial 2.2 branch have been backported to | Mark Sapiro | 1 | -15/+17 |
| 2014-11-07 | Catch the NotAMemberError exception thrown if an authenticated | Mark Sapiro | 1 | -0/+7 |
| 2014-09-21 | The options CGI now rejects all but HTTP GET and POST requests. | Mark Sapiro | 1 | -0/+12 |
| 2014-03-21 | - Added the list name to the vette log "held message approved" entry. | Mark Sapiro | 1 | -2/+2 |
| 2011-06-07 | The user options 'list my other subscriptions' page now indicates for | Mark Sapiro | 1 | -0/+6 |
| 2011-05-09 | Prevented setting user passwords with leading/trailing whitespace. Bug #778088. | Mark Sapiro | 1 | -3/+3 |
| 2010-07-27 | Changed the member options login page unsubscribe request to include the | Mark Sapiro | 1 | -1/+2 |
| 2010-03-29 | Added roster to the CGIs that return HTTP 401 status for an authentication | Mark Sapiro | 1 | -0/+2 |
| 2010-02-04 | We now give an HTTP 401 status for authentication failures from admin, | Mark Sapiro | 1 | -1/+3 |
| 2008-04-14 | options.py - Made the ability for a list admin to change a member's password | Mark Sapiro | 1 | -0/+8 |
| 2008-03-06 | CookHeaders.py - Changed the first URL in the RFC 2369 List-Unsubscribe: | Mark Sapiro | 1 | -4/+7 |
| 2007-11-04 | - Cgi/options.py - fixed to not present the "empty" topic to user. | Mark Sapiro | 1 | -1/+3 |
| 2006-08-30 | CVE-2006-3636. Fixes for various cross-site scripting issues. Discovery by | bwarsaw | 1 | -2/+2 |
| 2005-12-03 | Improving banned subscription logic to cover all invites, subscribes, address... | msapiro | 1 | -0/+5 |
| 2005-11-30 | As of 2.1.6, List admins can change user's option/subscription globally. | tkikuchi | 1 | -11/+56 |
| 2005-08-27 | FSF office has moved to 51 Franklin Street. | tkikuchi | 1 | -1/+1 |
| 2004-02-29 | main(): The list lock must be held in order to pend unsubscription requests. | bwarsaw | 1 | -12/+13 |
| 2004-02-17 | main(): It's possible that if you're logged in as the list admin, you can get | bwarsaw | 1 | -3/+5 |
| 2003-11-03 | main(): Fix for bug #832748, where unsubscribe_policy was being | bwarsaw | 1 | -4/+24 |
| 2003-02-08 | Backporting from the trunk. | bwarsaw | 1 | -15/+26 |
| 2003-01-02 | main(): In the change-of-address section, we only want to show the | bwarsaw | 1 | -3/+5 |