aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi/options.py (follow)
Commit message (Expand)AuthorAgeFilesLines
* Fixed a possible list membership leak via the user options CGI.HEADupstream/2.1masterMark Sapiro2022-07-091-30/+30
* Improve fix for lp:1961762 in prior commit.Mark Sapiro2022-02-221-1/+2
* Avoid 500 Internal Server Error for non-member with private roster.Mark Sapiro2022-02-221-2/+2
* Prior commit was incomplete.Mark Sapiro2021-11-231-4/+5
* Avoid NotAMemberError in CSRF check from user options page.Mark Sapiro2021-11-211-11/+11
* Fix a potentail XSS attack via the user options page.Mark Sapiro2021-11-031-0/+2
* Fixes for CVEs 2021-42096 and 2021-42097.Mark Sapiro2021-10-181-13/+12
* Extend REFUSE_SECOND_PENDING to unsubscription as well.Mark Sapiro2020-05-181-0/+3
* Fixed options login content injection vulnerability.Mark Sapiro2020-05-051-1/+1
* Strip leading/trailing spaces from login email for private and options login.Mark Sapiro2019-03-061-2/+3
* Corrected and augmented some security log messages.Mark Sapiro2018-12-301-1/+1
* Added global _ where needed.Mark Sapiro2018-06-181-0/+1
* I18n for new whence reasons in admin (un)subscribe notices.Mark Sapiro2018-06-171-1/+5
|\
| * enhance i18n in admin(un)?subscribeack messagesYasuhito FUTATSUKI at POEM2018-06-161-1/+2
|/
* Implement security log.Mark Sapiro2018-06-111-4/+7
|\
| * Changes based on feedback from Mark.Jim Popovitch2018-06-101-4/+6
|/
* Fix XSS and info leak in options CGI - CVE-2018-5950Mark Sapiro2018-02-041-15/+17
* Reverted another getfirst in the multi-value CGI defence.Mark Sapiro2017-06-071-1/+1
* Bumped Copyrights and fixed a bug in prior commit.Mark Sapiro2017-06-051-1/+1
* Defend against CGI requests with multiple values for the same parameter.Mark Sapiro2017-06-051-22/+22
* Fixed a regression in Cgi/options.py.Mark Sapiro2017-06-041-12/+12
* Fixes for CVE-2016-6893 and more.Mark Sapiro2016-08-261-1/+27
* Catch TypeError from certain defective crafted POST requests.Mark Sapiro2016-07-141-2/+12
* Submitting the user options form for a user who was asynchronouslyMark Sapiro2015-12-061-0/+8
* Defended against a user submitting URLs with query fragments or POSTMark Sapiro2015-09-161-0/+8
* Don't show digest options on user's options page for non-digestable lists.Mark Sapiro2015-07-201-2/+8
* Support for HTTP_X_FORWARDED_FOR and HTTP_FORWARDED_FOR (RFC 7239) Jim Popovitch2015-06-231-3/+10
* A number of changes from the unofficial 2.2 branch have been backported toMark Sapiro2015-01-221-15/+17
* Catch the NotAMemberError exception thrown if an authenticatedMark Sapiro2014-11-071-0/+7
* The options CGI now rejects all but HTTP GET and POST requests.Mark Sapiro2014-09-211-0/+12
* - Added the list name to the vette log "held message approved" entry.Mark Sapiro2014-03-211-2/+2
* The user options 'list my other subscriptions' page now indicates forMark Sapiro2011-06-071-0/+6
* Prevented setting user passwords with leading/trailing whitespace. Bug #778088.Mark Sapiro2011-05-091-3/+3
* Changed the member options login page unsubscribe request to include theMark Sapiro2010-07-271-1/+2
* Added roster to the CGIs that return HTTP 401 status for an authenticationMark Sapiro2010-03-291-0/+2
* We now give an HTTP 401 status for authentication failures from admin,Mark Sapiro2010-02-041-1/+3
* options.py - Made the ability for a list admin to change a members passwordMark Sapiro2008-04-141-0/+8
* CookHeaders.py - Changed the first URL in the RFC 2369 List-Unsubscribe:Mark Sapiro2008-03-061-4/+7
* - Cgi/options.py - fixed to not present the "empty" topic to user.Mark Sapiro2007-11-041-1/+3
* CVE-2006-3636. Fixes for various cross-site scripting issues. Discovery bybwarsaw2006-08-301-2/+2
* Improving banned subscription logic to cover all invites, subscribes, address...msapiro2005-12-031-0/+5
* As of 2.1.6, List admins can change user's option/subscription globally.tkikuchi2005-11-301-11/+56
* FSF office has moved to 51 Franklin Street.tkikuchi2005-08-271-1/+1
* main(): The list lock must be held in order to pend unsubscription requests.bwarsaw2004-02-291-12/+13
* main(): It's possible that if you're logged in as the list admin, you can getbwarsaw2004-02-171-3/+5
* main(): Fix for bug #832748, where unsubscribe_policy was beingbwarsaw2003-11-031-4/+24
* Backporting from the trunk.bwarsaw2003-02-081-15/+26
* main(): In the change-of-address section, we only want to show thebwarsaw2003-01-021-3/+5
* This commit was manufactured by cvs2svn to create branch2003-01-021-0/+950
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-01 03:40:38 +0000