aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi (unfollow)
Commit message (Expand)AuthorFilesLines
2018-02-04Fix XSS and info leak in options CGI - CVE-2018-5950Mark Sapiro1-15/+17
2018-02-03It's not necessary to replace _ with - in language codes for reCAPTCHA.Mark Sapiro1-3/+1
2018-01-30Corrected i18n from rev. 1738 and updated message catalogs.Mark Sapiro1-3/+5
2018-01-30Update Japanese translation (with msgid fix)Yasuhito FUTATSUKI at POEM1-3/+3
2018-01-29Allow the list subscription form to be protected from spam bots usingDavid Siebörger2-0/+32
2017-06-24Added screen reader labels to some admindb radio buttons.Mark Sapiro1-15/+10
2017-06-21Added text for screen readers only to checkboxes on admin Membership List.Mark Sapiro1-7/+16
2017-06-09Display date of held subscriptions and keep newest.Mark Sapiro1-6/+11
2017-06-07Reverted another getfirst in the multi-value CGI defence.Mark Sapiro1-1/+1
2017-06-05Bumped Copyrights and fixed a bug in prior commit.Mark Sapiro10-12/+12
2017-06-05Defend against CGI requests with multiple values for the same parameter.Mark Sapiro11-105/+105
2017-06-04Fixed a regression in Cgi/options.py.Mark Sapiro1-12/+12
2017-04-25Change 'subscribees' to 'subscribers' on admin mass subscribe page.Mark Sapiro1-1/+1
2017-02-22Fixed an uncaught TypeError in the subscribe CGI.Mark Sapiro1-1/+1
2017-02-03Fixed a TypeError thrown in the roster CGI when called with a listnameMark Sapiro1-3/+3
2016-10-27Fixed incorrect "view more members" links at the bottom of the adminMark Sapiro1-4/+5
2016-10-11Further changes to keep domains aligned with virtual list notification emailsJim Popovitch1-3/+2
2016-09-29Fix unicode links in multi-page admin Membership list search results.Mark Sapiro1-2/+5
2016-08-26Fixes for CVE-2016-6893 and more.Mark Sapiro3-5/+71
2016-07-19Membership List letter links could be incorrectly rendered as Unicode.Mark Sapiro1-0/+3
2016-07-14Catch TypeError from certain defective crafted POST requests.Mark Sapiro11-14/+132
2016-05-22Prior fix for lp:1573623 at rev 1647 was incomplete.Mark Sapiro1-2/+3
2016-05-18Added a bunch more templates to those that can be edited via the GUI.Mark Sapiro1-1/+13
2016-05-17Catch MMUnknownListError in case list is removed after listing names.Mark Sapiro2-3/+11
2016-04-22White space left of Logout link is no longer part of the link.Mark Sapiro1-3/+4
2015-12-06Submitting the user options form for a user who was asynchronouslyMark Sapiro1-0/+8
2015-09-16Defended against a user submitting URLs with query fragments or POSTMark Sapiro1-0/+8
2015-07-20Don't show digest options on user's options page for non-digestable lists.Mark Sapiro1-2/+8
2015-06-23Support for HTTP_X_FORWARDED_FOR and HTTP_FORWARDED_FOR (RFC 7239) Jim Popovitch3-9/+18
2015-04-23If SUBSCRIBE_FORM_SECRET is enabled and a user's network has a loadMark Sapiro2-12/+35
2015-04-13Improved search in admin UI Membership List.Mark Sapiro1-1/+10
2015-03-09Implemented member address change via the admin GUI.Mark Sapiro1-1/+109
2015-02-03Bumped copyright year for prior change.Mark Sapiro1-1/+1
2015-01-30The admindb interface has been fixed so the the detail message bodyMark Sapiro1-8/+6
2015-01-22A number of changes from the unofficial 2.2 branch have been backported toMark Sapiro2-18/+21
2014-12-20Implement a new DEFAULT_SUBSCRIBE_OR_INVITE setting to control the defaultMark Sapiro1-1/+2
2014-11-07Catch the NotAMemberError exception thrown if an authenticatedMark Sapiro1-0/+7
2014-09-21The options CGI now rejects all but HTTP GET and POST requests.Mark Sapiro1-0/+12
2014-06-09<label> tags have been added around most check boxes and radio buttonsMark Sapiro1-10/+29
2014-05-02Removed HTML tags from the title of a couple of rmlist.py pages becauseMark Sapiro1-2/+2
2014-04-15Fixed the admin Membership List so a search string if any is not lostMark Sapiro1-1/+2
2014-03-21 - Added the list name to the vette log "held message approved" entry.Mark Sapiro10-20/+20
2014-02-07Changed the message from the confirm CGI to not indicate approval isMark Sapiro1-2/+3
2013-07-19Enable setting a default grouping/sorting for the admindb held messageMark Sapiro1-4/+7
2013-07-18Backported the held message sorting to 2.1 and made it optional.Mark Sapiro1-18/+51
2013-06-07- It is no longer possible to add 'invalid' addresses to the ban_listMark Sapiro1-15/+39
2013-04-03The pending (un)subscriptions waiting approval are now sorted by emailMark Sapiro1-5/+5
2012-12-14Added a minimum delay between retrieval and submission of the subscribe form.Mark Sapiro1-0/+4
2012-11-24Implement SUBSCRIBE_FORM_SECRET to mitigate bot subscribes. (LP: 1082746)Mark Sapiro2-2/+34
2012-10-30Added 'legend' to the list of CSRF safe parameters for the admin CGI.Mark Sapiro1-1/+2