| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Add error response for ./ and ../ in URL
|
|
|
|
| |
address changes and confirmations of same.
|
| |
|
|
|
|
|
|
|
| |
This is not good if list admin cannot be fully trusted. This patch
disables the list admin's ability of changing the user option/subscription
globally; changes are effective only within the list. Site admin
can change globally if mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set Yes.
|
|
|
|
|
| |
DEFAULT_DEFAULT_MEMBER_MODERATION
and preserved across errors.
|
| |
|
| |
|
|
|
|
| |
#1190404
|
| |
|
|
|
|
| |
This is for the people who think 'CVS should be safe' and not final solution.
|
|
|
|
|
|
|
|
|
|
| |
- Added the ability for Mailman generated passwords (both member and list
admin) to be more cryptographically secure. See new configuration
variables USER_FRIENDLY_PASSWORDS, MEMBER_PASSWORD_LENGTH, and
ADMIN_PASSWORD_LENGTH. Also added a new bin/withlist script called
reset_pw which can be used to reset all member passwords. Passwords
generated by Mailman are now 8 characters by default for members, and 10
characters for list administrators.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
show_results(): Slightly reworded the "Edit the public..." link to include
a reference to the public text files, e.g. the welcome message.
edithtml.py
Grant Bowman's patch # 1085501 to allow editing the welcome message via
the admin page.
inthenews.ht
More names
ACKNOWLEDGMENTS, NEWS
Updates for #1085501
|
|
|
|
|
|
| |
[ mailman-Patches-1080477 ] discard all marked as defer
Fixed in a different way for what "all" means may confusing when partial
message list are shown. Also fixed 'details' case.
|
|
|
|
| |
Split GetConfirmSubject into Leave/Join.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
adds a "discard all messages marked Defer" for quicker admindb maintenance.
Patch by Eddie Kohler, SF id xexd.
|
|
|
|
| |
MMBadEmailError or MMHostileAddress will be caught.
|
| |
|
|
|
|
|
|
|
| |
to the end of the function trying to present the options page for a
non-existant user, causing a traceback. At the last second, do one more
isMember() check and return the loginpage if the address isn't a member of the
list.
|
|
|
|
|
|
|
|
| |
addrchange_confirm(), heldmsg_cancel(), heldmsg_confirm(), reenable_confirm():
Convert to the new pending database interface.
expunge(): A helper function which ensures that the list is locked before
expunging an item from the confirmation database.
|
|
|
|
|
| |
it must be ascii. Coerce to an 8-bit string so the bogus u'' doesn't show
up. Closes SF 862906.
|
|
|
|
|
| |
patch # 865661. Encode the subject header in the list's preferred
character set and make sure it is all on one line.
|
|
|
|
|
|
| |
and admin cgi process size by not keeping the entire mlist object
alive through a reference in the advertised list. Only the
information used in the overview is kept.
|
|
|
|
|
|
| |
listinfo and admin cgi process size by not keeping the entire mlist
object alive through a reference in the advertised list. Only the
information used in the overview is kept.
|
| |
|
|
|
|
| |
Closes SF bug # 816410.
|
|
|
|
|
|
|
|
| |
build the interface from header_filter_rules. Here you can specify a set of
regular expressions to test against a message's (outer) headers. You can also
specify the action to take when a rule matches.
These are available on Privacy->Spam Filters page.
|
|
|
|
|
|
|
|
|
|
| |
calculated host name, and if VIRTUAL_HOST_OVERVIEW is true, that host
name must match one of our known virtual hosts. Otherwise we'll
refuse to create the list. If VIRTUAL_HOST_OVERVIEW is false, we'll
do no checking (meaning the old behavior of being able to create a
list with a non-fqdn hostname still exists).
Also, pass the email host name into the MailList.Create() call.
|
|
|
|
| |
value to the whence argument.
|
|
|
|
|
|
|
| |
ignored for the unsub button on the member login page. Report and
original patch by Pasi Sjoholm, modify by Barry.
Forward port candidate.
|
|
|
|
|
|
| |
exploits found by Ned Dawes. Also, whitespace normalization.
Backported from HEAD.
|
| |
|
| |
|
| |
|
|
|
|
| |
Ademar de Souza Reis Jr
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
"you are already using that email address" message if the newaddress
matches the case-preserved (subscribed) address.
Also, in the set_address section, if cpuser is None, set it to the the
user address, since that's what we'll use now as the old address in
the ChangeMemberAddress() call.
This and related changes should fix problems when the address we're
changing to differs for the current address by case only.
|
|
'Release_2_1-maint'.
|