aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi/options.py (follow)
Commit message (Expand)AuthorAgeFilesLines
* Fix XSS and info leak in options CGI - CVE-2018-5950Mark Sapiro2018-02-041-15/+17
* Reverted another getfirst in the multi-value CGI defence.Mark Sapiro2017-06-071-1/+1
* Bumped Copyrights and fixed a bug in prior commit.Mark Sapiro2017-06-051-1/+1
* Defend against CGI requests with multiple values for the same parameter.Mark Sapiro2017-06-051-22/+22
* Fixed a regression in Cgi/options.py.Mark Sapiro2017-06-041-12/+12
* Fixes for CVE-2016-6893 and more.Mark Sapiro2016-08-261-1/+27
* Catch TypeError from certain defective crafted POST requests.Mark Sapiro2016-07-141-2/+12
* Submitting the user options form for a user who was asynchronouslyMark Sapiro2015-12-061-0/+8
* Defended against a user submitting URLs with query fragments or POSTMark Sapiro2015-09-161-0/+8
* Don't show digest options on user's options page for non-digestable lists.Mark Sapiro2015-07-201-2/+8
* Support for HTTP_X_FORWARDED_FOR and HTTP_FORWARDED_FOR (RFC 7239) Jim Popovitch2015-06-231-3/+10
* A number of changes from the unofficial 2.2 branch have been backported toMark Sapiro2015-01-221-15/+17
* Catch the NotAMemberError exception thrown if an authenticatedMark Sapiro2014-11-071-0/+7
* The options CGI now rejects all but HTTP GET and POST requests.Mark Sapiro2014-09-211-0/+12
* - Added the list name to the vette log "held message approved" entry.Mark Sapiro2014-03-211-2/+2
* The user options 'list my other subscriptions' page now indicates forMark Sapiro2011-06-071-0/+6
* Prevented setting user passwords with leading/trailing whitespace. Bug #778088.Mark Sapiro2011-05-091-3/+3
* Changed the member options login page unsubscribe request to include theMark Sapiro2010-07-271-1/+2
* Added roster to the CGIs that return HTTP 401 status for an authenticationMark Sapiro2010-03-291-0/+2
* We now give an HTTP 401 status for authentication failures from admin,Mark Sapiro2010-02-041-1/+3
* options.py - Made the ability for a list admin to change a members passwordMark Sapiro2008-04-141-0/+8
* CookHeaders.py - Changed the first URL in the RFC 2369 List-Unsubscribe:Mark Sapiro2008-03-061-4/+7
* - Cgi/options.py - fixed to not present the "empty" topic to user.Mark Sapiro2007-11-041-1/+3
* CVE-2006-3636. Fixes for various cross-site scripting issues. Discovery bybwarsaw2006-08-301-2/+2
* Improving banned subscription logic to cover all invites, subscribes, address...msapiro2005-12-031-0/+5
* As of 2.1.6, List admins can change user's option/subscription globally.tkikuchi2005-11-301-11/+56
* FSF office has moved to 51 Franklin Street.tkikuchi2005-08-271-1/+1
* main(): The list lock must be held in order to pend unsubscription requests.bwarsaw2004-02-291-12/+13
* main(): It's possible that if you're logged in as the list admin, you can getbwarsaw2004-02-171-3/+5
* main(): Fix for bug #832748, where unsubscribe_policy was beingbwarsaw2003-11-031-4/+24
* Backporting from the trunk.bwarsaw2003-02-081-15/+26
* main(): In the change-of-address section, we only want to show thebwarsaw2003-01-021-3/+5
* This commit was manufactured by cvs2svn to create branch2003-01-021-0/+950