aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Fixed content injection vulnerability via the private login page.Mark Sapiro2020-05-071-7/+3
|
* Fixed options login content injection vulnerability.Mark Sapiro2020-05-051-1/+1
|
* Implement REFUSE_SECOND_PENDING setting to prevent multiple pending subscribes.Mark Sapiro2020-01-091-0/+3
|
* Changed new 'Successfully unsubscribed:' to existingMark Sapiro2019-10-051-1/+1
| | | 'Successfully Unsubscribed:' and updated i18n.
* Implemented web admin sync members.Mark Sapiro2019-09-171-2/+109
|
* Implement Ralf Jung's captcha feature for the subscribe form.Mark Sapiro2019-06-192-4/+31
|\
| * Don't enable CAPTCHA if 'en' key is not setRalf Jung2019-06-101-1/+1
| |
| * fix computing the form hash when there is no CAPTCHARalf Jung2019-06-101-1/+1
| |
| * implement a simple CAPTCHA scheme based on questions and answers configured ↵Ralf Jung2019-06-102-4/+25
|/ | | | by the site admin
* Strip leading/trailing spaces from login email for private and options login.Mark Sapiro2019-03-062-3/+4
|
* Corrected and augmented some security log messages.Mark Sapiro2018-12-304-3/+17
|
* Catch TypeError on simultaneous confirmations of the same token.Mark Sapiro2018-08-071-5/+19
|
* fix python doc urlsYasuhito FUTATSUKI at POEM2018-07-151-1/+1
|
* Enable editing templates in an alternate language.Mark Sapiro2018-07-081-7/+35
|\
| * Add language selecter to "HTML Page Editing" page for multi-lang listsYasuhito FUTATSUKI at POEM2018-07-091-7/+34
|/ | | | Add back link from editing page to editing page selection page
* * apply Utils.websafe() to description string in admin.pyYasuhito FUTATSUKI at POEM2018-06-221-1/+1
| | | | * Use GetDescription() in HTMLFormatter.py
* enhance i18n of listinfo overviewYasuhito FUTATSUKI at POEM2018-06-222-2/+2
| | | | | * make sure list's description charset as its preferred_language's * get description as a string of charset caller wanted
* Added global _ where needed.Mark Sapiro2018-06-182-0/+2
|
* Bump copyright dates.Mark Sapiro2018-06-1712-11/+11
|
* I18n for new whence reasons in admin (un)subscribe notices.Mark Sapiro2018-06-172-4/+19
|\
| * enhance i18n in admin(un)?subscribeack messagesYasuhito FUTATSUKI at POEM2018-06-162-4/+7
|/
* Implement security log.Mark Sapiro2018-06-116-4/+42
|\
| * Changes based on feedback from Mark.Jim Popovitch2018-06-102-5/+8
| |
| * Improved logging of security related eventsJim Popovitch2018-06-065-0/+25
|/
* Separate data in CSRF token by colon to avoid collisions.Ralf Jung2018-06-032-6/+6
| | | | | | This makes the data-to-token function injective. Previously, for example, the list called "list1" and the IP "10.0.0.0" would have the same hash as the list called "list" and the IP "110.0.0.0", as the strings were just concatenated.
* Internationalize the noscript note added to reCAPTCHA.Mark Sapiro2018-05-261-2/+3
|
* Add <noscript> note to listinfo reCAPTCHA that JavaScript is required.Mark Sapiro2018-05-051-0/+1
|
* Removed a Python 2.7 dependency introduced in 2.1.26.Mark Sapiro2018-03-011-1/+1
|
* Fix XSS and info leak in options CGI - CVE-2018-5950Mark Sapiro2018-02-041-15/+17
|
* It's not necessary to replace _ with - in language codes for reCAPTCHA.Mark Sapiro2018-02-031-3/+1
|
* Corrected i18n from rev. 1738 and updated message catalogs.Mark Sapiro2018-01-301-3/+5
|
* Added the ability to add reCAPTCHA to the listinfo subscribe form.Mark Sapiro2018-01-292-2/+37
|\
| * Allow the list subscription form to be protected from spam bots usingDavid Siebörger2018-01-292-0/+32
|/ | | | reCAPTCHA.
* Added screen reader labels to some admindb radio buttons.Mark Sapiro2017-06-241-15/+10
|
* Added text for screen readers only to checkboxes on admin Membership List.Mark Sapiro2017-06-211-7/+16
|
* Display date of held subscriptions and keep newest.Mark Sapiro2017-06-091-6/+11
|
* Reverted another getfirst in the multi-value CGI defence.Mark Sapiro2017-06-071-1/+1
|
* Bumped Copyrights and fixed a bug in prior commit.Mark Sapiro2017-06-0510-12/+12
|
* Defend against CGI requests with multiple values for the same parameter.Mark Sapiro2017-06-0511-105/+105
|
* Fixed a regression in Cgi/options.py.Mark Sapiro2017-06-041-12/+12
|
* Change 'subscribees' to 'subscribers' on admin mass subscribe page.Mark Sapiro2017-04-251-1/+1
| | | Update i18n.
* Fixed an uncaught TypeError in the subscribe CGI.Mark Sapiro2017-02-221-1/+1
|
* Fixed a TypeError thrown in the roster CGI when called with a listnameMark Sapiro2017-02-031-3/+3
| | | containing a % character.
* Fixed incorrect "view more members" links at the bottom of the adminMark Sapiro2016-10-271-4/+5
| | | Membership List pages.
* Fix unicode links in multi-page admin Membership list search results.Mark Sapiro2016-09-291-2/+5
|
* Fixes for CVE-2016-6893 and more.Mark Sapiro2016-08-263-5/+71
|
* Membership List letter links could be incorrectly rendered as Unicode.Mark Sapiro2016-07-191-0/+3
|
* Catch TypeError from certain defective crafted POST requests.Mark Sapiro2016-07-1411-14/+132
|
* Prior fix for lp:1573623 at rev 1647 was incomplete.Mark Sapiro2016-05-221-2/+3
|
* Added a bunch more templates to those that can be edited via the GUI.Mark Sapiro2016-05-181-1/+13
|