aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi (unfollow)
Commit message (Collapse)AuthorFilesLines
2019-03-06Strip leading/trailing spaces from login email for private and options login.Mark Sapiro2-3/+4
2018-12-30Corrected and augmented some security log messages.Mark Sapiro4-3/+17
2018-08-07Catch TypeError on simultaneous confirmations of the same token.Mark Sapiro1-5/+19
2018-07-15fix python doc urlsYasuhito FUTATSUKI at POEM1-1/+1
2018-07-09Add language selecter to "HTML Page Editing" page for multi-lang listsYasuhito FUTATSUKI at POEM1-7/+34
Add back link from editing page to editing page selection page
2018-06-22* apply Utils.websafe() to description string in admin.pyYasuhito FUTATSUKI at POEM1-1/+1
* Use GetDescription() in HTMLFormatter.py
2018-06-22enhance i18n of listinfo overviewYasuhito FUTATSUKI at POEM2-2/+2
* make sure list's description charset as its preferred_language's * get description as a string of charset caller wanted
2018-06-18Added global _ where needed.Mark Sapiro2-0/+2
2018-06-17Bump copyright dates.Mark Sapiro12-11/+11
2018-06-16enhance i18n in admin(un)?subscribeack messagesYasuhito FUTATSUKI at POEM2-4/+7
2018-06-10Changes based on feedback from Mark.Jim Popovitch2-5/+8
2018-06-06Improved logging of security related eventsJim Popovitch5-0/+25
2018-06-03Separate data in CSRF token by colon to avoid collisions.Ralf Jung2-6/+6
This makes the data-to-token function injective. Previously, for example, the list called "list1" and the IP "10.0.0.0" would have the same hash as the list called "list" and the IP "110.0.0.0", as the strings were just concatenated.
2018-05-26Internationalize the noscript note added to reCAPTCHA.Mark Sapiro1-2/+3
2018-05-05Add <noscript> note to listinfo reCAPTCHA that JavaScript is required.Mark Sapiro1-0/+1
2018-03-01Removed a Python 2.7 dependency introduced in 2.1.26.Mark Sapiro1-1/+1
2018-02-04Fix XSS and info leak in options CGI - CVE-2018-5950Mark Sapiro1-15/+17
2018-02-03It's not necessary to replace _ with - in language codes for reCAPTCHA.Mark Sapiro1-3/+1
2018-01-30Corrected i18n from rev. 1738 and updated message catalogs.Mark Sapiro1-3/+5
2018-01-30Update Japanese translation (with msgid fix)Yasuhito FUTATSUKI at POEM1-3/+3
2018-01-29Allow the list subscription form to be protected from spam bots usingDavid Siebörger2-0/+32
reCAPTCHA.
2017-06-24Added screen reader labels to some admindb radio buttons.Mark Sapiro1-15/+10
2017-06-21Added text for screen readers only to checkboxes on admin Membership List.Mark Sapiro1-7/+16
2017-06-09Display date of held subscriptions and keep newest.Mark Sapiro1-6/+11
2017-06-07Reverted another getfirst in the multi-value CGI defence.Mark Sapiro1-1/+1
2017-06-05Bumped Copyrights and fixed a bug in prior commit.Mark Sapiro10-12/+12
2017-06-05Defend against CGI requests with multiple values for the same parameter.Mark Sapiro11-105/+105
2017-06-04Fixed a regression in Cgi/options.py.Mark Sapiro1-12/+12
2017-04-25Change 'subscribees' to 'subscribers' on admin mass subscribe page.Mark Sapiro1-1/+1
Update i18n.
2017-02-22Fixed an uncaught TypeError in the subscribe CGI.Mark Sapiro1-1/+1
2017-02-03Fixed a TypeError thrown in the roster CGI when called with a listnameMark Sapiro1-3/+3
containing a % character.
2016-10-27Fixed incorrect "view more members" links at the bottom of the adminMark Sapiro1-4/+5
Membership List pages.
2016-10-11Further changes to keep domains aligned with virtual list notification emailsJim Popovitch1-3/+2
2016-09-29Fix unicode links in multi-page admin Membership list search results.Mark Sapiro1-2/+5
2016-08-26Fixes for CVE-2016-6893 and more.Mark Sapiro3-5/+71
2016-07-19Membership List letter links could be incorrectly rendered as Unicode.Mark Sapiro1-0/+3
2016-07-14Catch TypeError from certain defective crafted POST requests.Mark Sapiro11-14/+132
2016-05-22Prior fix for lp:1573623 at rev 1647 was incomplete.Mark Sapiro1-2/+3
2016-05-18Added a bunch more templates to those that can be edited via the GUI.Mark Sapiro1-1/+13
2016-05-17Catch MMUnknownListError in case list is removed after listing names.Mark Sapiro2-3/+11
2016-04-22White space left of Logout link is no longer part of the link.Mark Sapiro1-3/+4
2015-12-06Submitting the user options form for a user who was asynchronouslyMark Sapiro1-0/+8
unsubscribed would throw an uncaught NotAMemberError.
2015-09-16Defended against a user submitting URLs with query fragments or POSTMark Sapiro1-0/+8
data containing multiple occurrences of the same variable.
2015-07-20Don't show digest options on user's options page for non-digestable lists.Mark Sapiro1-2/+8
2015-06-23Support for HTTP_X_FORWARDED_FOR and HTTP_FORWARDED_FOR (RFC 7239) Jim Popovitch3-9/+18
2015-04-23If SUBSCRIBE_FORM_SECRET is enabled and a user's network has a loadMark Sapiro2-12/+35
balancer or similar in use the POSTing IP might not exactly match the GETting IP. This is now accounted for by not requiring the last octet (16 bits for ipV6) to match.
2015-04-13Improved search in admin UI Membership List.Mark Sapiro1-1/+10
2015-03-09Implemented member address change via the admin GUI.Mark Sapiro1-1/+109
Updated mailman.pot and mailman.po files with the new strings.
2015-02-03Bumped copyright year for prior change.Mark Sapiro1-1/+1
2015-01-30The admindb interface has been fixed so the the detail message bodyMark Sapiro1-8/+6
display doesn't lose part of a multi-byte character, and characters which are invalid in the message's charset are replaced rather than the whole body not being converted to the display charset.