aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi (unfollow)
Commit message (Collapse)AuthorFilesLines
2009-02-03Fixed a bug in admindb.py in the implementation of replacing "No ReasonMark Sapiro1-2/+7
Given" with the default rejection reason. Bug #325016.
2009-01-20Two of the 'new' class exceptions are raised with an argument.Mark Sapiro1-4/+5
2009-01-11Updated links to Python documentation.Mark Sapiro1-1/+2
2009-01-10- Fixed the admin Membership List Find member function so the 'letter'Mark Sapiro1-2/+5
links to a chunked result would still be limited to the Find member search. SF patch #1532081. - Changed scripts/driver to return a 405 status for non GET, POST, HEAD methods. SF patch #1578756.
2009-01-02Mailman/Utils.pyMark Sapiro1-9/+8
- Fixed a long standing error that stopped relative hrefs from being generated for links on Mailman's web pages. Mailman/Cgi/admindb.py - Changed the admindb interface so that when messages are rejected from the summary page, the reject reason is the rejection message from the Errors.HoldMessage subclass instead of the generic "No reason given".
2008-12-07Fixed a problem in Decorate which could throw a TypeError on conversion toMark Sapiro1-6/+8
unicode of a header/footer that was already unicode because of interpolating a unicode value. Made a minor change to the authentication logic for displaying hidden members on the roster.
2008-12-05Updated some FAQ URLs for wiki.list.org.Mark Sapiro1-1/+1
2008-11-12Apply Heiko Rommel's patch for hashlib deprecation warnings for bug 293178.Barry Warsaw2-6/+6
I've modified the patch to improve some of the stylistic issues.
2008-07-30Fixed a bug in admin.py which would result in chunked pages of the membershipMark Sapiro1-10/+5
list for members whose address begins with a non-alphanumeric character to not be visible or retrievable.
2008-04-14options.py - Made the ability for a list admin to change a members passwordMark Sapiro1-0/+8
conditional on mm_cfg.OWNERS_CAN_CHANGE_MEMBER_PASSWORDS. Defaults.py.in - Added OWNERS_CAN_CHANGE_MEMBER_PASSWORDS = No.
2008-03-06CookHeaders.py - Changed the first URL in the RFC 2369 List-Unsubscribe:Mark Sapiro1-4/+7
header to go to the options login page instead of the listinfo page. options.py - Changed to only issue the "No address given" error if coming from the page itself so we don't get the error when linking from another page or the List-Unsubscribe: header. - Changed to remember the user's language selection when redisplaying the page after an error.
2008-02-23MailList.py - Corrected some long standing incomplete logic in theMark Sapiro1-1/+7
ChangeMemberAddress() and ApprovedChangeMemberAddress() methods having to do with case-only changes and confirmations of changes already done another way. confirm.py - Caught a MMAlreadyAMember exception that can occur rarely with address changes. This adds a new i18n string, but it's rare enough that I'm not concerned about the translations.
2007-12-04Mailman/Cgi/edithtml.pyMark Sapiro1-2/+15
Mailman/Gui/General.py Mailman/Utils.py - Better detection of potentially evil HTML in GUI. Mailman/Version.py NEWS - Updates for 2.1.10b1 release. Mailman/Gui/General.py messages/mailman.pot - Added admin_member_chunksize to Gui. Two new associated messages.
2007-11-25Mailman/Defaults.py.inMark Sapiro1-2/+2
Mailman/Utils.py Mailman/htmlformat.py Mailman/Cgi/create.py messages/ja/doc/Defaults.py.in - Added direction ('ltr', 'rtl') to the LC_DESCRIPTIONS table to support the Hebrew translation. messages/he/LC_MESSAGES/mailman.po - Corrected a typo '\b' -> '\n'. messages/zh_CN/LC_MESSAGES/mailman.po - Corrected a typo '\\b' -> '/b'.
2007-11-04- Cgi/options.py - fixed to not present the "empty" topic to user.Mark Sapiro1-1/+3
- Handlers/CalcRecips.py - Changed to not process topics if topics are disabled for the list.
2007-06-12admindb.py - Changed to not show the "Discard all messages marked Defer" ↵msapiro1-2/+5
checkbox when there are only (un)subscribes and no held messages. - Added a separator and heading for "Held Messages" like the ones for "Subscribe Requests" and "Unsubscribe Requests".
2007-05-08- CGI/admin.pymsapiro3-24/+29
The email address which forms a part of the various CGI data keys in the admin membership list is now urllib.quote()ed. This allows changing options for and unsubbing an address which contains a double-quote character. - CGI/admindb.py Added additional test to not display "Database Updated ..." when coming from the login page. - CGI/roster.py, HTMLFormatter.py Changed to show hidden members when authorization is site or list's admin or moterator password. Patch 1587651. - Defaults.py.in, Handlers/Cleanse_DKIM.py Added a new REMOVE_DKIM_HEADERS Defaults.py/mm_cfg.py setting (default = No) to control removing dkim/domainkey signatures from posts and mail to -owner. - Handlers/Decorate.py, Handlers/Scrubber.py Changed to preserve format=flowed and delsp=yes in the Content-Type: of the body when adding header/footer and when scrubbing attachments and to remove trailing spaces from the header/footer lines so they won't be flowed. Bug 1495122. Fixed a scrubber issue where the i18n translated 'next part' separator can be garbled if the list charset is different from the message. - Queue/Runner.py. Queue/Switchboard.py Now that we have .bak queue entries for recovery, it is no longer the case that an unparseable message is lost. In this case, and in case of other exceptions when dequeueing, I added a preservation feature to move the .bak file to qfiles/shunt as a .psv file and write an appropriate log entry. It is also possible for an attempt to shunt a message to fail. One example that occurred in practice (bug 1656289) was caused by a huge message that threw a MemoryError in processing and then threw another MemoryError in the attempt to pickle the message for the shunt queue. In this case as well, I log and attempt to preserve the original queue entry by renaming.
2006-10-11Fixed admin.py so null VARHELP category is handled (1573393).msapiro1-4/+5
2006-09-21Removed the "Discard all messages marked Defer" checkbox from themsapiro1-2/+2
details=all page.
2006-09-01A much improved release script, which now knows about Subversion (though isn'tbwarsaw1-1/+0
yet ready to work from the trunk). Also, get rid of all the obsolete .cvsignore directories, they're no longer needed. Almost ready for 2.1.9rc1!
2006-08-30CVE-2006-3636. Fixes for various cross-site scripting issues. Discovery bybwarsaw5-20/+33
Moritz Naumann and most of the repair work done by Mark Sapiro (with some additional work by Barry).
2006-04-04Fix XSS bug: Thanks Moritz Naumann. (CVE-2006-1512)tkikuchi1-2/+3
2006-01-09Bug fix: import re module.tkikuchi1-1/+2
2005-12-30A cleansing pass, almost entirely cosmetic. Such things as whitespacebwarsaw6-22/+25
normalization, removal of tabs, copyright year updates to changed files, docstring and comment fixes, and usage of True/False. I also made a pass through the NEWS file. One import was reordered, and after this commit I will move the mmdsr.readme file to README.mmdsr. From my perspective, after that we're ready to go. I will port these changes forward to the trunk.
2005-12-12Log hostile path to mischief, not errormsapiro1-1/+1
2005-12-12Fixes for bug 1080943.msapiro1-6/+27
Add error response for ./ and ../ in URL
2005-12-03Improving banned subscription logic to cover all invites, subscribes, ↵msapiro4-3/+29
address changes and confirmations of same.
2005-11-30List admins should be disallowd to insert script tags.tkikuchi1-0/+1
2005-11-30As of 2.1.6, List admins can change user's option/subscription globally.tkikuchi1-11/+56
This is not good if list admin cannot be fully trusted. This patch disables the list admin's ability of changing the user option/subscription globally; changes are effective only within the list. Site admin can change globally if mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set Yes.
2005-11-09Make sure the moderate selection is initialized frommsapiro1-3/+9
DEFAULT_DEFAULT_MEMBER_MODERATION and preserved across errors.
2005-08-27FSF office has moved to 51 Franklin Street.tkikuchi14-14/+14
2005-05-02Copyright years.bwarsaw1-1/+1
2005-05-02ChangeHTML(): Set umask to 0 while creating the langdir. Fixes SF bugbwarsaw1-3/+7
#1190404
2005-02-10Spelling and copyright years updates.bwarsaw1-3/+3
2005-02-10Checkin for initial workaround for directry traverse flaw in private.py.tkikuchi1-3/+6
This is for the people who think 'CVS should be safe' and not final solution.
2004-12-30From the NEWS file:bwarsaw1-1/+2
- Added the ability for Mailman generated passwords (both member and list admin) to be more cryptographically secure. See new configuration variables USER_FRIENDLY_PASSWORDS, MEMBER_PASSWORD_LENGTH, and ADMIN_PASSWORD_LENGTH. Also added a new bin/withlist script called reset_pw which can be used to reset all member passwords. Passwords generated by Mailman are now 8 characters by default for members, and 10 characters for list administrators.
2004-12-28admin.py:bwarsaw2-9/+8
show_results(): Slightly reworded the "Edit the public..." link to include a reference to the public text files, e.g. the welcome message. edithtml.py Grant Bowman's patch # 1085501 to allow editing the welcome message via the admin page. inthenews.ht More names ACKNOWLEDGMENTS, NEWS Updates for #1085501
2004-12-07[ mailman-Bugs-1047532 ] problem with "discard all ..."tkikuchi1-12/+14
[ mailman-Patches-1080477 ] discard all marked as defer Fixed in a different way for what "all" means may confusing when partial message list are shown. Also fixed 'details' case.
2004-12-04Python 2.4 checks strftime() more strict.tkikuchi1-1/+2
Split GetConfirmSubject into Leave/Join.
2004-12-01Precautions against 'charset=' (empty) message.tkikuchi1-1/+1
2004-10-19[ 874764 ] -admin address is now equiv to -bouncetkikuchi1-3/+3
2004-10-13[ 1045909 ] user cancel of pending subscription failstkikuchi1-2/+6
2004-04-30main(): Add discard checkbox above the last submit button too.bwarsaw1-0/+5
2004-04-25main(), process_form(): Due to popular demand, added SF patch # 810675 whichbwarsaw1-1/+13
adds a "discard all messages marked Defer" for quicker admindb maintenance. Patch by Eddie Kohler, SF id xexd.
2004-02-29process_request(): Catch base class of EmailAddressError so eitherbwarsaw1-2/+2
MMBadEmailError or MMHostileAddress will be caught.
2004-02-29main(): The list lock must be held in order to pend unsubscription requests.bwarsaw1-12/+13
2004-02-17main(): It's possible that if you're logged in as the list admin, you can getbwarsaw1-3/+5
to the end of the function trying to present the options page for a non-existant user, causing a traceback. At the last second, do one more isMember() check and return the loginpage if the address isn't a member of the list.
2004-02-10main(), subscription_cancel(), unsubscription_cancel(), addrchange_cancel()bwarsaw1-17/+36
addrchange_confirm(), heldmsg_cancel(), heldmsg_confirm(), reenable_confirm(): Convert to the new pending database interface. expunge(): A helper function which ensures that the list is locked before expunging an item from the confirmation database.
2003-12-27show_pending_subs(): The address in the pending database may be a unicode, butbwarsaw1-1/+3
it must be ascii. Coerce to an 8-bit string so the bogus u'' doesn't show up. Closes SF 862906.
2003-12-27show_helds_overview(), show_post_requests(): Another part of TK'sbwarsaw1-2/+13
patch # 865661. Encode the subject header in the list's preferred character set and make sure it is all on one line.