index
:
mailman2
master
upstream/2.1
mirror of https://code.launchpad.net/~mailman-coders/mailman/2.1
git
about
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
Mailman
/
Cgi
/
options.py
(
unfollow
)
Commit message (
Expand
)
Author
Files
Lines
2021-11-03
Fix a potentail XSS attack via the user options page.
Mark Sapiro
1
-0
/
+2
2021-10-18
Fixes for CVEs 2021-42096 and 2021-42097.
Mark Sapiro
1
-13
/
+12
2020-05-18
Extend REFUSE_SECOND_PENDING to unsubscription as well.
Mark Sapiro
1
-0
/
+3
2020-05-05
Fixed options login content injection vulnerability.
Mark Sapiro
1
-1
/
+1
2019-03-06
Strip leading/trailing spaces from login email for private and options login.
Mark Sapiro
1
-2
/
+3
2018-12-30
Corrected and augmented some security log messages.
Mark Sapiro
1
-1
/
+1
2018-06-18
Added global _ where needed.
Mark Sapiro
1
-0
/
+1
2018-06-16
enhance i18n in admin(un)?subscribeack messages
Yasuhito FUTATSUKI at POEM
1
-1
/
+2
2018-06-10
Changes based on feedback from Mark.
Jim Popovitch
1
-4
/
+6
2018-02-04
Fix XSS and info leak in options CGI - CVE-2018-5950
Mark Sapiro
1
-15
/
+17
2017-06-07
Reverted another getfirst in the multi-value CGI defence.
Mark Sapiro
1
-1
/
+1
2017-06-05
Bumped Copyrights and fixed a bug in prior commit.
Mark Sapiro
1
-1
/
+1
2017-06-05
Defend against CGI requests with multiple values for the same parameter.
Mark Sapiro
1
-22
/
+22
2017-06-04
Fixed a regression in Cgi/options.py.
Mark Sapiro
1
-12
/
+12
2016-08-26
Fixes for CVE-2016-6893 and more.
Mark Sapiro
1
-1
/
+27
2016-07-14
Catch TypeError from certain defective crafted POST requests.
Mark Sapiro
1
-2
/
+12
2015-12-06
Submitting the user options form for a user who was asynchronously
Mark Sapiro
1
-0
/
+8
2015-09-16
Defended against a user submitting URLs with query fragments or POST
Mark Sapiro
1
-0
/
+8
2015-07-20
Don't show digest options on user's options page for non-digestable lists.
Mark Sapiro
1
-2
/
+8
2015-06-23
Support for HTTP_X_FORWARDED_FOR and HTTP_FORWARDED_FOR (RFC 7239)
Jim Popovitch
1
-3
/
+10
2015-01-22
A number of changes from the unofficial 2.2 branch have been backported to
Mark Sapiro
1
-15
/
+17
2014-11-07
Catch the NotAMemberError exception thrown if an authenticated
Mark Sapiro
1
-0
/
+7
2014-09-21
The options CGI now rejects all but HTTP GET and POST requests.
Mark Sapiro
1
-0
/
+12
2014-03-21
- Added the list name to the vette log "held message approved" entry.
Mark Sapiro
1
-2
/
+2
2011-06-07
The user options 'list my other subscriptions' page now indicates for
Mark Sapiro
1
-0
/
+6
2011-05-09
Prevented setting user passwords with leading/trailing whitespace. Bug #778088.
Mark Sapiro
1
-3
/
+3
2010-07-27
Changed the member options login page unsubscribe request to include the
Mark Sapiro
1
-1
/
+2
2010-03-29
Added roster to the CGIs that return HTTP 401 status for an authentication
Mark Sapiro
1
-0
/
+2
2010-02-04
We now give an HTTP 401 status for authentication failures from admin,
Mark Sapiro
1
-1
/
+3
2008-04-14
options.py - Made the ability for a list admin to change a members password
Mark Sapiro
1
-0
/
+8
2008-03-06
CookHeaders.py - Changed the first URL in the RFC 2369 List-Unsubscribe:
Mark Sapiro
1
-4
/
+7
2007-11-04
- Cgi/options.py - fixed to not present the "empty" topic to user.
Mark Sapiro
1
-1
/
+3
2006-08-30
CVE-2006-3636. Fixes for various cross-site scripting issues. Discovery by
bwarsaw
1
-2
/
+2
2005-12-03
Improving banned subscription logic to cover all invites, subscribes, address...
msapiro
1
-0
/
+5
2005-11-30
As of 2.1.6, List admins can change user's option/subscription globally.
tkikuchi
1
-11
/
+56
2005-08-27
FSF office has moved to 51 Franklin Street.
tkikuchi
1
-1
/
+1
2004-02-29
main(): The list lock must be held in order to pend unsubscription requests.
bwarsaw
1
-12
/
+13
2004-02-17
main(): It's possible that if you're logged in as the list admin, you can get
bwarsaw
1
-3
/
+5
2003-11-03
main(): Fix for bug #832748, where unsubscribe_policy was being
bwarsaw
1
-4
/
+24
2003-02-08
Backporting from the trunk.
bwarsaw
1
-15
/
+26
2003-01-02
main(): In the change-of-address section, we only want to show the
bwarsaw
1
-3
/
+5