aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi (unfollow)
Commit message (Collapse)AuthorFilesLines
2006-04-04Fix XSS bug: Thanks Moritz Naumann. (CVE-2006-1512)tkikuchi1-2/+3
2006-01-09Bug fix: import re module.tkikuchi1-1/+2
2005-12-30A cleansing pass, almost entirely cosmetic. Such things as whitespacebwarsaw6-22/+25
normalization, removal of tabs, copyright year updates to changed files, docstring and comment fixes, and usage of True/False. I also made a pass through the NEWS file. One import was reordered, and after this commit I will move the mmdsr.readme file to README.mmdsr. From my perspective, after that we're ready to go. I will port these changes forward to the trunk.
2005-12-12Log hostile path to mischief, not errormsapiro1-1/+1
2005-12-12Fixes for bug 1080943.msapiro1-6/+27
Add error response for ./ and ../ in URL
2005-12-03Improving banned subscription logic to cover all invites, subscribes, ↵msapiro4-3/+29
address changes and confirmations of same.
2005-11-30List admins should be disallowd to insert script tags.tkikuchi1-0/+1
2005-11-30As of 2.1.6, List admins can change user's option/subscription globally.tkikuchi1-11/+56
This is not good if list admin cannot be fully trusted. This patch disables the list admin's ability of changing the user option/subscription globally; changes are effective only within the list. Site admin can change globally if mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set Yes.
2005-11-09Make sure the moderate selection is initialized frommsapiro1-3/+9
DEFAULT_DEFAULT_MEMBER_MODERATION and preserved across errors.
2005-08-27FSF office has moved to 51 Franklin Street.tkikuchi14-14/+14
2005-05-02Copyright years.bwarsaw1-1/+1
2005-05-02ChangeHTML(): Set umask to 0 while creating the langdir. Fixes SF bugbwarsaw1-3/+7
#1190404
2005-02-10Spelling and copyright years updates.bwarsaw1-3/+3
2005-02-10Checkin for initial workaround for directry traverse flaw in private.py.tkikuchi1-3/+6
This is for the people who think 'CVS should be safe' and not final solution.
2004-12-30From the NEWS file:bwarsaw1-1/+2
- Added the ability for Mailman generated passwords (both member and list admin) to be more cryptographically secure. See new configuration variables USER_FRIENDLY_PASSWORDS, MEMBER_PASSWORD_LENGTH, and ADMIN_PASSWORD_LENGTH. Also added a new bin/withlist script called reset_pw which can be used to reset all member passwords. Passwords generated by Mailman are now 8 characters by default for members, and 10 characters for list administrators.
2004-12-28admin.py:bwarsaw2-9/+8
show_results(): Slightly reworded the "Edit the public..." link to include a reference to the public text files, e.g. the welcome message. edithtml.py Grant Bowman's patch # 1085501 to allow editing the welcome message via the admin page. inthenews.ht More names ACKNOWLEDGMENTS, NEWS Updates for #1085501
2004-12-07[ mailman-Bugs-1047532 ] problem with "discard all ..."tkikuchi1-12/+14
[ mailman-Patches-1080477 ] discard all marked as defer Fixed in a different way for what "all" means may confusing when partial message list are shown. Also fixed 'details' case.
2004-12-04Python 2.4 checks strftime() more strict.tkikuchi1-1/+2
Split GetConfirmSubject into Leave/Join.
2004-12-01Precautions against 'charset=' (empty) message.tkikuchi1-1/+1
2004-10-19[ 874764 ] -admin address is now equiv to -bouncetkikuchi1-3/+3
2004-10-13[ 1045909 ] user cancel of pending subscription failstkikuchi1-2/+6
2004-04-30main(): Add discard checkbox above the last submit button too.bwarsaw1-0/+5
2004-04-25main(), process_form(): Due to popular demand, added SF patch # 810675 whichbwarsaw1-1/+13
adds a "discard all messages marked Defer" for quicker admindb maintenance. Patch by Eddie Kohler, SF id xexd.
2004-02-29process_request(): Catch base class of EmailAddressError so eitherbwarsaw1-2/+2
MMBadEmailError or MMHostileAddress will be caught.
2004-02-29main(): The list lock must be held in order to pend unsubscription requests.bwarsaw1-12/+13
2004-02-17main(): It's possible that if you're logged in as the list admin, you can getbwarsaw1-3/+5
to the end of the function trying to present the options page for a non-existant user, causing a traceback. At the last second, do one more isMember() check and return the loginpage if the address isn't a member of the list.
2004-02-10main(), subscription_cancel(), unsubscription_cancel(), addrchange_cancel()bwarsaw1-17/+36
addrchange_confirm(), heldmsg_cancel(), heldmsg_confirm(), reenable_confirm(): Convert to the new pending database interface. expunge(): A helper function which ensures that the list is locked before expunging an item from the confirmation database.
2003-12-27show_pending_subs(): The address in the pending database may be a unicode, butbwarsaw1-1/+3
it must be ascii. Coerce to an 8-bit string so the bogus u'' doesn't show up. Closes SF 862906.
2003-12-27show_helds_overview(), show_post_requests(): Another part of TK'sbwarsaw1-2/+13
patch # 865661. Encode the subject header in the list's preferred character set and make sure it is all on one line.
2003-12-24adminy_overview(): Richard Barrett's patch # 828811 to reduce listinfobwarsaw1-5/+6
and admin cgi process size by not keeping the entire mlist object alive through a reference in the advertised list. Only the information used in the overview is kept.
2003-12-24listinfo_overview(): Richard Barrett's patch # 828811 to reducebwarsaw1-5/+6
listinfo and admin cgi process size by not keeping the entire mlist object alive through a reference in the advertised list. Only the information used in the overview is kept.
2003-12-22Comment repair.bwarsaw1-1/+1
2003-12-01subscription_prompt(): Make text and submit button have consistent text.bwarsaw1-2/+2
Closes SF bug # 816410.
2003-12-01get_item_gui_value(): Added a new widget HeaderFilter and associated code tobwarsaw1-2/+72
build the interface from header_filter_rules. Here you can specify a set of regular expressions to test against a message's (outer) headers. You can also specify the action to take when a rule matches. These are available on Privacy->Spam Filters page.
2003-11-24process_request(): In response to SF bug # 835870, we now check thebwarsaw1-5/+12
calculated host name, and if VIRTUAL_HOST_OVERVIEW is true, that host name must match one of our known virtual hosts. Otherwise we'll refuse to create the list. If VIRTUAL_HOST_OVERVIEW is false, we'll do no checking (meaning the old behavior of being able to create a list with a non-fqdn hostname still exists). Also, pass the email host name into the MailList.Create() call.
2003-11-21change_options(): When calling ApprovedAddMember(), pass a meaningfulbwarsaw1-2/+3
value to the whence argument.
2003-11-03main(): Fix for bug #832748, where unsubscribe_policy was beingbwarsaw1-4/+24
ignored for the unsub button on the member login page. Report and original patch by Pasi Sjoholm, modify by Barry. Forward port candidate.
2003-09-28process_request(), request_creation(): Close cross-site scriptingbwarsaw1-14/+20
exploits found by Ned Dawes. Also, whitespace normalization. Backported from HEAD.
2003-09-22Backporting from the HEAD -- updated cgi'sbwarsaw3-3/+5
2003-04-07Backporting from trunk.bwarsaw1-2/+0
2003-03-31Backporting from trunkbwarsaw2-1/+6
2003-03-31Backporting SF patch #683906, add $DESTDIR to install target, bybwarsaw1-2/+3
Ademar de Souza Reis Jr
2003-02-08Backporting from the trunk.bwarsaw8-64/+81
2003-01-02main(): In the change-of-address section, we only want to show thebwarsaw1-3/+5
"you are already using that email address" message if the newaddress matches the case-preserved (subscribed) address. Also, in the set_address section, if cpuser is None, set it to the the user address, since that's what we'll use now as the old address in the ChangeMemberAddress() call. This and related changes should fix problems when the address we're changing to differs for the current address by case only.
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-23 00:26:30 +0000