aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi (unfollow)
Commit message (Expand)AuthorFilesLines
2021-11-30Block CSRF attack against admin or admindb pages.Mark Sapiro3-3/+6
2021-11-23Prior commit was incomplete.Mark Sapiro1-4/+5
2021-11-21Avoid NotAMemberError in CSRF check from user options page.Mark Sapiro1-11/+11
2021-11-12Fix admindb for list with no mod password.Mark Sapiro1-1/+2
2021-11-03Use moderator rather than admin for admindb CSRF token.Mark Sapiro1-2/+1
2021-11-03Fix a potentail XSS attack via the user options page.Mark Sapiro1-0/+2
2021-10-18Fixes for CVEs 2021-42096 and 2021-42097.Mark Sapiro1-13/+12
2020-06-10Implement WARN_MEMBER_OF_SUBSCRIBE subscribe setting.Mark Sapiro1-0/+1
2020-05-18Extend REFUSE_SECOND_PENDING to unsubscription as well.Mark Sapiro1-0/+3
2020-05-07Fixed content injection vulnerability via the private login page.Mark Sapiro1-7/+3
2020-05-05Fixed options login content injection vulnerability.Mark Sapiro1-1/+1
2020-01-09Implement REFUSE_SECOND_PENDING setting to prevent multiple pending subscribes.Mark Sapiro1-0/+3
2019-10-05Changed new 'Successfully unsubscribed:' to existingMark Sapiro1-1/+1
2019-09-17Implemented web admin sync members.Mark Sapiro1-2/+109
2019-06-10Don't enable CAPTCHA if 'en' key is not setRalf Jung1-1/+1
2019-06-10fix computing the form hash when there is no CAPTCHARalf Jung1-1/+1
2019-06-10implement a simple CAPTCHA scheme based on questions and answers configured b...Ralf Jung2-4/+25
2019-03-06Strip leading/trailing spaces from login email for private and options login.Mark Sapiro2-3/+4
2018-12-30Corrected and augmented some security log messages.Mark Sapiro4-3/+17
2018-08-07Catch TypeError on simultaneous confirmations of the same token.Mark Sapiro1-5/+19
2018-07-15fix python doc urlsYasuhito FUTATSUKI at POEM1-1/+1
2018-07-09Add language selecter to "HTML Page Editing" page for multi-lang listsYasuhito FUTATSUKI at POEM1-7/+34
2018-06-22* apply Utils.websafe() to description string in admin.pyYasuhito FUTATSUKI at POEM1-1/+1
2018-06-22enhance i18n of listinfo overviewYasuhito FUTATSUKI at POEM2-2/+2
2018-06-18Added global _ where needed.Mark Sapiro2-0/+2
2018-06-17Bump copyright dates.Mark Sapiro12-11/+11
2018-06-16enhance i18n in admin(un)?subscribeack messagesYasuhito FUTATSUKI at POEM2-4/+7
2018-06-10Changes based on feedback from Mark.Jim Popovitch2-5/+8
2018-06-06Improved logging of security related eventsJim Popovitch5-0/+25
2018-06-03Separate data in CSRF token by colon to avoid collisions.Ralf Jung2-6/+6
2018-05-26Internationalize the noscript note added to reCAPTCHA.Mark Sapiro1-2/+3
2018-05-05Add <noscript> note to listinfo reCAPTCHA that JavaScript is required.Mark Sapiro1-0/+1
2018-03-01Removed a Python 2.7 dependency introduced in 2.1.26.Mark Sapiro1-1/+1
2018-02-04Fix XSS and info leak in options CGI - CVE-2018-5950Mark Sapiro1-15/+17
2018-02-03It's not necessary to replace _ with - in language codes for reCAPTCHA.Mark Sapiro1-3/+1
2018-01-30Corrected i18n from rev. 1738 and updated message catalogs.Mark Sapiro1-3/+5
2018-01-30Update Japanese translation (with msgid fix)Yasuhito FUTATSUKI at POEM1-3/+3
2018-01-29Allow the list subscription form to be protected from spam bots usingDavid Siebörger2-0/+32
2017-06-24Added screen reader labels to some admindb radio buttons.Mark Sapiro1-15/+10
2017-06-21Added text for screen readers only to checkboxes on admin Membership List.Mark Sapiro1-7/+16
2017-06-09Display date of held subscriptions and keep newest.Mark Sapiro1-6/+11
2017-06-07Reverted another getfirst in the multi-value CGI defence.Mark Sapiro1-1/+1
2017-06-05Bumped Copyrights and fixed a bug in prior commit.Mark Sapiro10-12/+12
2017-06-05Defend against CGI requests with multiple values for the same parameter.Mark Sapiro11-105/+105
2017-06-04Fixed a regression in Cgi/options.py.Mark Sapiro1-12/+12
2017-04-25Change 'subscribees' to 'subscribers' on admin mass subscribe page.Mark Sapiro1-1/+1
2017-02-22Fixed an uncaught TypeError in the subscribe CGI.Mark Sapiro1-1/+1
2017-02-03Fixed a TypeError thrown in the roster CGI when called with a listnameMark Sapiro1-3/+3
2016-10-27Fixed incorrect "view more members" links at the bottom of the adminMark Sapiro1-4/+5
2016-10-11Further changes to keep domains aligned with virtual list notification emailsJim Popovitch1-3/+2