aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi (unfollow)
Commit message (Collapse)AuthorFilesLines
2015-09-16Defended against a user submitting URLs with query fragments or POSTMark Sapiro1-0/+8
data containing multiple occurrences of the same variable.
2015-07-20Don't show digest options on user's options page for non-digestable lists.Mark Sapiro1-2/+8
2015-06-23Support for HTTP_X_FORWARDED_FOR and HTTP_FORWARDED_FOR (RFC 7239) Jim Popovitch3-9/+18
2015-04-23If SUBSCRIBE_FORM_SECRET is enabled and a user's network has a loadMark Sapiro2-12/+35
balancer or similar in use the POSTing IP might not exactly match the GETting IP. This is now accounted for by not requiring the last octet (16 bits for ipV6) to match.
2015-04-13Improved search in admin UI Membership List.Mark Sapiro1-1/+10
2015-03-09Implemented member address change via the admin GUI.Mark Sapiro1-1/+109
Updated mailman.pot and mailman.po files with the new strings.
2015-02-03Bumped copyright year for prior change.Mark Sapiro1-1/+1
2015-01-30The admindb interface has been fixed so the the detail message bodyMark Sapiro1-8/+6
display doesn't lose part of a multi-byte character, and characters which are invalid in the message's charset are replaced rather than the whole body not being converted to the display charset.
2015-01-22A number of changes from the unofficial 2.2 branch have been backported toMark Sapiro2-18/+21
the 2.1 branch for release with 2.1.19. The 2.2 branch is now no different from the 2.1 branch and will no longer be maintained.
2014-12-20Implement a new DEFAULT_SUBSCRIBE_OR_INVITE setting to control the defaultMark Sapiro1-1/+2
for the admin Mass Subscriptions page.
2014-11-07Catch the NotAMemberError exception thrown if an authenticatedMark Sapiro1-0/+7
unsubscribe is submitted from the user options page for a nonmember.
2014-09-21The options CGI now rejects all but HTTP GET and POST requests.Mark Sapiro1-0/+12
2014-06-09<label> tags have been added around most check boxes and radio buttonsMark Sapiro1-10/+29
and their text labels in the admin and admindb web GUI so they can be (de)selected by clicking the text. (LP: #266391)
2014-05-02Removed HTML tags from the title of a couple of rmlist.py pages becauseMark Sapiro1-2/+2
browsers don't render tags in the title. (LP: #265848)
2014-04-15Fixed the admin Membership List so a search string if any is not lostMark Sapiro1-1/+2
when visiting subsequent fragments of a chunked list.
2014-03-21 - Added the list name to the vette log "held message approved" entry.Mark Sapiro10-20/+20
(LP: 1295875) - Added the CGI module name to various "No such list" error log entries. (LP: 1295875) - Modified contrib/mmdsr to report module name if present in "No such list error log entries.
2014-02-07Changed the message from the confirm CGI to not indicate approval isMark Sapiro1-2/+3
required for an acceptance of an invitation.
2013-07-19Enable setting a default grouping/sorting for the admindb held messageMark Sapiro1-4/+7
summary via a DISPLAY_HELD_SUMMARY_SORT_BUTTONS setting.
2013-07-18Backported the held message sorting to 2.1 and made it optional.Mark Sapiro1-18/+51
2013-06-07- It is no longer possible to add 'invalid' addresses to the ban_listMark Sapiro1-15/+39
and the *_these_nonmembers filters from the check boxes on the admindb interface. (LP: #1187201)
2013-04-03The pending (un)subscriptions waiting approval are now sorted by emailMark Sapiro1-5/+5
address in the admindb interface as intended. (LP: 1164160)
2012-12-14Added a minimum delay between retrieval and submission of the subscribe form.Mark Sapiro1-0/+4
2012-11-24Implement SUBSCRIBE_FORM_SECRET to mitigate bot subscribes. (LP: 1082746)Mark Sapiro2-2/+34
2012-10-30Added 'legend' to the list of CSRF safe parameters for the admin CGI.Mark Sapiro1-1/+2
2012-08-22The query fragments send_unsub_notifications_to_list_owner andMark Sapiro1-9/+7
send_unsub_ack_to_this_batch will now assume default values if not set in mass unsubscribe URLs. (LP: #1032378)
2012-06-20Fixed a typo in the UPGRADING doc - bin/upgrade -> bin/update.Mark Sapiro1-0/+0
2012-03-25Backported the password reminder from private archive login feature from theMark Sapiro1-1/+22
2.2 branch.
2012-02-23Added a few more safe_params to the CSRF check.Mark Sapiro1-1/+2
2012-02-05Added Tokio Kikuchi's Cross-site Request Forgery hardening to the admin UI.Mark Sapiro1-6/+26
2011-12-31Fix for bug #629738 could cause a crash in the admindb details displayMark Sapiro1-1/+3
if the decoded message body contained characters not in the character set of the list's preferred language. Fixed. Bug #910440.
2011-11-12Added masthead.txt to the list of templates that can be edited via theMark Sapiro1-1/+2
web admin interface. Bug #266805.
2011-06-07The user options 'list my other subscriptions' page now indicates forMark Sapiro1-0/+6
each list if the subscription is 'nomail' or 'digest'. Bug #793669.
2011-05-10Fixed a problem in admindb.py where the character set for the display ofMark Sapiro1-1/+8
the message body excerpt was not correctly determined. Bug #779751.
2011-05-09Prevented setting user passwords with leading/trailing whitespace. Bug #778088.Mark Sapiro3-10/+10
2011-04-25A new list poster password has been implemented. This password may onlyMark Sapiro1-0/+27
be used in Approved: or X-Approved: headers for pre-approving posts. Using this password for that purpose precludes compromise of a more valuable password sent in plain text email. Bug #770581.
2011-04-23Added a logout link to the admindb interface and made both admin andMark Sapiro2-3/+27
admindb logout effective for a site admin cookie if allowed. Bug #769318.
2011-04-15Refactor last change for i18n.Mark Sapiro1-5/+7
2011-04-14Added a report of the affected members to the warnings issued whenMark Sapiro1-3/+5
setting a list with digest members digestable=No and when setting a list with non-digest members nondigestable=no. Bug #761232.
2011-03-29Changed the subscribe CGI to strip leading and trailing whitespace fromMark Sapiro1-2/+2
the supplied email address. Bug #745432.
2011-02-18An XSS vulnerability, CVE-2011-0707, has been fixed.Mark Sapiro1-3/+3
2011-02-07- Fixed an uncaught KeyError when poster tries to cancel a post which wasMark Sapiro1-2/+3
already handled. Bug #266224.
2011-02-05Updated copyright year for previous change.Mark Sapiro1-1/+1
2011-02-05Issue an HTTP 404 status for private archive file not found.Mark Sapiro1-0/+1
2010-09-10Made minor wording improvements and typo corrections in some messages.Mark Sapiro2-5/+5
Bug #426979.
2010-09-09Two potential XSS vulnerabilities have been identified and fixed.Mark Sapiro1-2/+2
2010-09-03Fixed admindb interface to decode base64 and quoted-printable encodedMark Sapiro1-1/+1
message body excerpts for display. Bug #629738.
2010-07-27Changed the member options login page unsubscribe request to include theMark Sapiro1-1/+2
requesters IP address in the confirmation request. Bug #610527.
2010-07-02Increased the font size of 'Welcome!'on admin overview for consistency with ↵Mark Sapiro1-1/+1
listinfo.
2010-06-25Fixed an issue in admindb that could result in a KeyError and "we hit aMark Sapiro1-6/+10
bug" response when a moderator acts on a post that had been handled by someone else after the first moderator had retrieved it. Bug #598671.
2010-06-23Fixed a bug which would fail to show a list on the admin and listinfoMark Sapiro2-4/+6
overview pages if its web_page_url contained a :port. Bug # 597741.