index
:
mailman2
master
upstream/2.1
mirror of https://code.launchpad.net/~mailman-coders/mailman/2.1
git
about
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
Mailman
/
Cgi
/
options.py
(
follow
)
Commit message (
Expand
)
Author
Age
Files
Lines
*
Implement security log.
Mark Sapiro
2018-06-11
1
-4
/
+7
|
\
|
*
Changes based on feedback from Mark.
Jim Popovitch
2018-06-10
1
-4
/
+6
|
/
*
Fix XSS and info leak in options CGI - CVE-2018-5950
Mark Sapiro
2018-02-04
1
-15
/
+17
*
Reverted another getfirst in the multi-value CGI defence.
Mark Sapiro
2017-06-07
1
-1
/
+1
*
Bumped Copyrights and fixed a bug in prior commit.
Mark Sapiro
2017-06-05
1
-1
/
+1
*
Defend against CGI requests with multiple values for the same parameter.
Mark Sapiro
2017-06-05
1
-22
/
+22
*
Fixed a regression in Cgi/options.py.
Mark Sapiro
2017-06-04
1
-12
/
+12
*
Fixes for CVE-2016-6893 and more.
Mark Sapiro
2016-08-26
1
-1
/
+27
*
Catch TypeError from certain defective crafted POST requests.
Mark Sapiro
2016-07-14
1
-2
/
+12
*
Submitting the user options form for a user who was asynchronously
Mark Sapiro
2015-12-06
1
-0
/
+8
*
Defended against a user submitting URLs with query fragments or POST
Mark Sapiro
2015-09-16
1
-0
/
+8
*
Don't show digest options on user's options page for non-digestable lists.
Mark Sapiro
2015-07-20
1
-2
/
+8
*
Support for HTTP_X_FORWARDED_FOR and HTTP_FORWARDED_FOR (RFC 7239)
Jim Popovitch
2015-06-23
1
-3
/
+10
*
A number of changes from the unofficial 2.2 branch have been backported to
Mark Sapiro
2015-01-22
1
-15
/
+17
*
Catch the NotAMemberError exception thrown if an authenticated
Mark Sapiro
2014-11-07
1
-0
/
+7
*
The options CGI now rejects all but HTTP GET and POST requests.
Mark Sapiro
2014-09-21
1
-0
/
+12
*
- Added the list name to the vette log "held message approved" entry.
Mark Sapiro
2014-03-21
1
-2
/
+2
*
The user options 'list my other subscriptions' page now indicates for
Mark Sapiro
2011-06-07
1
-0
/
+6
*
Prevented setting user passwords with leading/trailing whitespace. Bug #778088.
Mark Sapiro
2011-05-09
1
-3
/
+3
*
Changed the member options login page unsubscribe request to include the
Mark Sapiro
2010-07-27
1
-1
/
+2
*
Added roster to the CGIs that return HTTP 401 status for an authentication
Mark Sapiro
2010-03-29
1
-0
/
+2
*
We now give an HTTP 401 status for authentication failures from admin,
Mark Sapiro
2010-02-04
1
-1
/
+3
*
options.py - Made the ability for a list admin to change a members password
Mark Sapiro
2008-04-14
1
-0
/
+8
*
CookHeaders.py - Changed the first URL in the RFC 2369 List-Unsubscribe:
Mark Sapiro
2008-03-06
1
-4
/
+7
*
- Cgi/options.py - fixed to not present the "empty" topic to user.
Mark Sapiro
2007-11-04
1
-1
/
+3
*
CVE-2006-3636. Fixes for various cross-site scripting issues. Discovery by
bwarsaw
2006-08-30
1
-2
/
+2
*
Improving banned subscription logic to cover all invites, subscribes, address...
msapiro
2005-12-03
1
-0
/
+5
*
As of 2.1.6, List admins can change user's option/subscription globally.
tkikuchi
2005-11-30
1
-11
/
+56
*
FSF office has moved to 51 Franklin Street.
tkikuchi
2005-08-27
1
-1
/
+1
*
main(): The list lock must be held in order to pend unsubscription requests.
bwarsaw
2004-02-29
1
-12
/
+13
*
main(): It's possible that if you're logged in as the list admin, you can get
bwarsaw
2004-02-17
1
-3
/
+5
*
main(): Fix for bug #832748, where unsubscribe_policy was being
bwarsaw
2003-11-03
1
-4
/
+24
*
Backporting from the trunk.
bwarsaw
2003-02-08
1
-15
/
+26
*
main(): In the change-of-address section, we only want to show the
bwarsaw
2003-01-02
1
-3
/
+5
*
This commit was manufactured by cvs2svn to create branch
2003-01-02
1
-0
/
+950