Commit message (Collapse) | Author | Files | Lines | ||
---|---|---|---|---|---|
2018-06-22 | * apply Utils.websafe() to description string in admin.py | Yasuhito FUTATSUKI at POEM | 1 | -1/+1 | |
* Use GetDescription() in HTMLFormatter.py | |||||
2018-06-22 | enhance i18n of listinfo overview | Yasuhito FUTATSUKI at POEM | 2 | -2/+2 | |
* make sure list's description charset as its preferred_language's * get description as a string of charset caller wanted | |||||
2018-06-18 | Added global _ where needed. | Mark Sapiro | 2 | -0/+2 | |
2018-06-17 | Bump copyright dates. | Mark Sapiro | 12 | -11/+11 | |
2018-06-16 | enhance i18n in admin(un)?subscribeack messages | Yasuhito FUTATSUKI at POEM | 2 | -4/+7 | |
2018-06-10 | Changes based on feedback from Mark. | Jim Popovitch | 2 | -5/+8 | |
2018-06-06 | Improved logging of security related events | Jim Popovitch | 5 | -0/+25 | |
2018-06-03 | Separate data in CSRF token by colon to avoid collisions. | Ralf Jung | 2 | -6/+6 | |
This makes the data-to-token function injective. Previously, for example, the list called "list1" and the IP "10.0.0.0" would have the same hash as the list called "list" and the IP "110.0.0.0", as the strings were just concatenated. | |||||
2018-05-26 | Internationalize the noscript note added to reCAPTCHA. | Mark Sapiro | 1 | -2/+3 | |
2018-05-05 | Add <noscript> note to listinfo reCAPTCHA that JavaScript is required. | Mark Sapiro | 1 | -0/+1 | |
2018-03-01 | Removed a Python 2.7 dependency introduced in 2.1.26. | Mark Sapiro | 1 | -1/+1 | |
2018-02-04 | Fix XSS and info leak in options CGI - CVE-2018-5950 | Mark Sapiro | 1 | -15/+17 | |
2018-02-03 | It's not necessary to replace _ with - in language codes for reCAPTCHA. | Mark Sapiro | 1 | -3/+1 | |
2018-01-30 | Corrected i18n from rev. 1738 and updated message catalogs. | Mark Sapiro | 1 | -3/+5 | |
2018-01-30 | Update Japanese translation (with msgid fix) | Yasuhito FUTATSUKI at POEM | 1 | -3/+3 | |
2018-01-29 | Allow the list subscription form to be protected from spam bots using | David Siebörger | 2 | -0/+32 | |
reCAPTCHA. | |||||
2017-06-24 | Added screen reader labels to some admindb radio buttons. | Mark Sapiro | 1 | -15/+10 | |
2017-06-21 | Added text for screen readers only to checkboxes on admin Membership List. | Mark Sapiro | 1 | -7/+16 | |
2017-06-09 | Display date of held subscriptions and keep newest. | Mark Sapiro | 1 | -6/+11 | |
2017-06-07 | Reverted another getfirst in the multi-value CGI defence. | Mark Sapiro | 1 | -1/+1 | |
2017-06-05 | Bumped Copyrights and fixed a bug in prior commit. | Mark Sapiro | 10 | -12/+12 | |
2017-06-05 | Defend against CGI requests with multiple values for the same parameter. | Mark Sapiro | 11 | -105/+105 | |
2017-06-04 | Fixed a regression in Cgi/options.py. | Mark Sapiro | 1 | -12/+12 | |
2017-04-25 | Change 'subscribees' to 'subscribers' on admin mass subscribe page. | Mark Sapiro | 1 | -1/+1 | |
Update i18n. | |||||
2017-02-22 | Fixed an uncaught TypeError in the subscribe CGI. | Mark Sapiro | 1 | -1/+1 | |
2017-02-03 | Fixed a TypeError thrown in the roster CGI when called with a listname | Mark Sapiro | 1 | -3/+3 | |
containing a % character. | |||||
2016-10-27 | Fixed incorrect "view more members" links at the bottom of the admin | Mark Sapiro | 1 | -4/+5 | |
Membership List pages. | |||||
2016-10-11 | Further changes to keep domains aligned with virtual list notification emails | Jim Popovitch | 1 | -3/+2 | |
2016-09-29 | Fix unicode links in multi-page admin Membership list search results. | Mark Sapiro | 1 | -2/+5 | |
2016-08-26 | Fixes for CVE-2016-6893 and more. | Mark Sapiro | 3 | -5/+71 | |
2016-07-19 | Membership List letter links could be incorrectly rendered as Unicode. | Mark Sapiro | 1 | -0/+3 | |
2016-07-14 | Catch TypeError from certain defective crafted POST requests. | Mark Sapiro | 11 | -14/+132 | |
2016-05-22 | Prior fix for lp:1573623 at rev 1647 was incomplete. | Mark Sapiro | 1 | -2/+3 | |
2016-05-18 | Added a bunch more templates to those that can be edited via the GUI. | Mark Sapiro | 1 | -1/+13 | |
2016-05-17 | Catch MMUnknownListError in case list is removed after listing names. | Mark Sapiro | 2 | -3/+11 | |
2016-04-22 | White space left of Logout link is no longer part of the link. | Mark Sapiro | 1 | -3/+4 | |
2015-12-06 | Submitting the user options form for a user who was asynchronously | Mark Sapiro | 1 | -0/+8 | |
unsubscribed would throw an uncaught NotAMemberError. | |||||
2015-09-16 | Defended against a user submitting URLs with query fragments or POST | Mark Sapiro | 1 | -0/+8 | |
data containing multiple occurrences of the same variable. | |||||
2015-07-20 | Don't show digest options on user's options page for non-digestable lists. | Mark Sapiro | 1 | -2/+8 | |
2015-06-23 | Support for HTTP_X_FORWARDED_FOR and HTTP_FORWARDED_FOR (RFC 7239) | Jim Popovitch | 3 | -9/+18 | |
2015-04-23 | If SUBSCRIBE_FORM_SECRET is enabled and a user's network has a load | Mark Sapiro | 2 | -12/+35 | |
balancer or similar in use the POSTing IP might not exactly match the GETting IP. This is now accounted for by not requiring the last octet (16 bits for ipV6) to match. | |||||
2015-04-13 | Improved search in admin UI Membership List. | Mark Sapiro | 1 | -1/+10 | |
2015-03-09 | Implemented member address change via the admin GUI. | Mark Sapiro | 1 | -1/+109 | |
Updated mailman.pot and mailman.po files with the new strings. | |||||
2015-02-03 | Bumped copyright year for prior change. | Mark Sapiro | 1 | -1/+1 | |
2015-01-30 | The admindb interface has been fixed so the the detail message body | Mark Sapiro | 1 | -8/+6 | |
display doesn't lose part of a multi-byte character, and characters which are invalid in the message's charset are replaced rather than the whole body not being converted to the display charset. | |||||
2015-01-22 | A number of changes from the unofficial 2.2 branch have been backported to | Mark Sapiro | 2 | -18/+21 | |
the 2.1 branch for release with 2.1.19. The 2.2 branch is now no different from the 2.1 branch and will no longer be maintained. | |||||
2014-12-20 | Implement a new DEFAULT_SUBSCRIBE_OR_INVITE setting to control the default | Mark Sapiro | 1 | -1/+2 | |
for the admin Mass Subscriptions page. | |||||
2014-11-07 | Catch the NotAMemberError exception thrown if an authenticated | Mark Sapiro | 1 | -0/+7 | |
unsubscribe is submitted from the user options page for a nonmember. | |||||
2014-09-21 | The options CGI now rejects all but HTTP GET and POST requests. | Mark Sapiro | 1 | -0/+12 | |
2014-06-09 | <label> tags have been added around most check boxes and radio buttons | Mark Sapiro | 1 | -10/+29 | |
and their text labels in the admin and admindb web GUI so they can be (de)selected by clicking the text. (LP: #266391) |