path: root/Mailman/Cgi
Commit message | Author | Age | Files | Lines
* Backported the password reminder from private archive login feature from the 2.2 branch.
  Author: Mark Sapiro | Age: 2012-03-25 | Files: 1 | Lines: -1/+22
* Added a few more safe_params to the CSRF check.
  Author: Mark Sapiro | Age: 2012-02-23 | Files: 1 | Lines: -1/+2
* Added Tokio Kikuchi's Cross-site Request Forgery hardening to the admin UI.
  Author: Mark Sapiro | Age: 2012-02-05 | Files: 1 | Lines: -6/+26
* Fix for bug #629738 could cause a crash in the admindb details display if the decoded message body contained characters not in the character set of the list's preferred language. Fixed. Bug #910440.
  Author: Mark Sapiro | Age: 2011-12-31 | Files: 1 | Lines: -1/+3
* Added masthead.txt to the list of templates that can be edited via the web admin interface. Bug #266805.
  Author: Mark Sapiro | Age: 2011-11-12 | Files: 1 | Lines: -1/+2
* The user options 'list my other subscriptions' page now indicates for each list if the subscription is 'nomail' or 'digest'. Bug #793669.
  Author: Mark Sapiro | Age: 2011-06-07 | Files: 1 | Lines: -0/+6
* Fixed a problem in admindb.py where the character set for the display of the message body excerpt was not correctly determined. Bug #779751.
  Author: Mark Sapiro | Age: 2011-05-10 | Files: 1 | Lines: -1/+8
* Prevented setting user passwords with leading/trailing whitespace. Bug #778088.
  Author: Mark Sapiro | Age: 2011-05-09 | Files: 3 | Lines: -10/+10
* A new list poster password has been implemented. This password may only be used in Approved: or X-Approved: headers for pre-approving posts. Using this password for that purpose precludes compromise of a more valuable password sent in plain text email. Bug #770581.
  Author: Mark Sapiro | Age: 2011-04-25 | Files: 1 | Lines: -0/+27
* Added a logout link to the admindb interface and made both admin and admindb logout effective for a site admin cookie if allowed. Bug #769318.
  Author: Mark Sapiro | Age: 2011-04-23 | Files: 2 | Lines: -3/+27
* Refactor last change for i18n.
  Author: Mark Sapiro | Age: 2011-04-15 | Files: 1 | Lines: -5/+7
* Added a report of the affected members to the warnings issued when setting a list with digest members digestable=No and when setting a list with non-digest members nondigestable=no. Bug #761232.
  Author: Mark Sapiro | Age: 2011-04-14 | Files: 1 | Lines: -3/+5
* Changed the subscribe CGI to strip leading and trailing whitespace from the supplied email address. Bug #745432.
  Author: Mark Sapiro | Age: 2011-03-29 | Files: 1 | Lines: -2/+2
* An XSS vulnerability, CVE-2011-0707, has been fixed.
  Author: Mark Sapiro | Age: 2011-02-18 | Files: 1 | Lines: -3/+3
* - Fixed an uncaught KeyError when poster tries to cancel a post which was already handled. Bug #266224.
  Author: Mark Sapiro | Age: 2011-02-07 | Files: 1 | Lines: -2/+3
* Updated copyright year for previous change.
  Author: Mark Sapiro | Age: 2011-02-05 | Files: 1 | Lines: -1/+1
* Issue an HTTP 404 status for private archive file not found.
  Author: Mark Sapiro | Age: 2011-02-05 | Files: 1 | Lines: -0/+1
* Made minor wording improvements and typo corrections in some messages. Bug #426979.
  Author: Mark Sapiro | Age: 2010-09-10 | Files: 2 | Lines: -5/+5
* Two potential XSS vulnerabilities have been identified and fixed.
  Author: Mark Sapiro | Age: 2010-09-09 | Files: 1 | Lines: -2/+2
* Fixed admindb interface to decode base64 and quoted-printable encoded message body excerpts for display. Bug #629738.
  Author: Mark Sapiro | Age: 2010-09-03 | Files: 1 | Lines: -1/+1
* Changed the member options login page unsubscribe request to include the requester's IP address in the confirmation request. Bug #610527.
  Author: Mark Sapiro | Age: 2010-07-27 | Files: 1 | Lines: -1/+2
* Increased the font size of 'Welcome!' on admin overview for consistency with listinfo.
  Author: Mark Sapiro | Age: 2010-07-02 | Files: 1 | Lines: -1/+1
* Fixed an issue in admindb that could result in a KeyError and "we hit a bug" response when a moderator acts on a post that had been handled by someone else after the first moderator had retrieved it. Bug #598671.
  Author: Mark Sapiro | Age: 2010-06-25 | Files: 1 | Lines: -6/+10
* Fixed a bug which would fail to show a list on the admin and listinfo overview pages if its web_page_url contained a :port. Bug #597741.
  Author: Mark Sapiro | Age: 2010-06-23 | Files: 2 | Lines: -4/+6
* Added roster to the CGIs that return HTTP 401 status for an authentication failure, and return HTTP 404 status from all CGIs for an invalid list name.
  Author: Mark Sapiro | Age: 2010-03-29 | Files: 10 | Lines: -0/+22
* Reordered the 'cancel' and 'subscribe' buttons on the subscription confirmation web page so the default action upon 'enter' will be the subscribe button in browsers that pick the first button. Bug #530654.
  Author: Mark Sapiro | Age: 2010-03-06 | Files: 1 | Lines: -3/+3
* Fixed a bug in the admindb interface that could apply a moderator action to a message not displayed. Bug #533468.
  Author: Mark Sapiro | Age: 2010-03-06 | Files: 1 | Lines: -2/+10
* Added a urlhost argument to the MailList.MailList.Create() method to allow bin/newlist and the create CGI to pass urlhost so the host will be correct in the listinfo link on the emptyarchive page. Bug #529100.
  Author: Mark Sapiro | Age: 2010-02-27 | Files: 1 | Lines: -2/+3
* We now give an HTTP 401 status for authentication failures from admin, admindb, private and options logins.
  Author: Mark Sapiro | Age: 2010-02-04 | Files: 3 | Lines: -2/+8
* - Fixed a bug where going to an archives/private/list.mbox/list.mbox URL would result in a munged URL if authentication was required. Bug #266164.
  Author: Mark Sapiro | Age: 2010-01-21 | Files: 1 | Lines: -1/+3
* - Added vette logging for rejected and discarded (un)subscribe requests.
  - Fixed a bug in admindb.py that could erroneously discard an unsubscribe request as a duplicate.
  Author: Mark Sapiro | Age: 2009-12-04 | Files: 1 | Lines: -1/+1
* Decoded RFC 2047 encoded message subjects for a few reports. Bug #266428.
  Author: Mark Sapiro | Age: 2009-12-03 | Files: 1 | Lines: -3/+4
* Backported several bug fixes from the 2.2 branch.
  Author: Mark Sapiro | Age: 2009-07-31 | Files: 2 | Lines: -4/+5
* Fixed a bug in admindb.py in the implementation of replacing "No Reason Given" with the default rejection reason. Bug #325016.
  Author: Mark Sapiro | Age: 2009-02-03 | Files: 1 | Lines: -2/+7
* Two of the 'new' class exceptions are raised with an argument.
  Author: Mark Sapiro | Age: 2009-01-20 | Files: 1 | Lines: -4/+5
* Updated links to Python documentation.
  Author: Mark Sapiro | Age: 2009-01-11 | Files: 1 | Lines: -1/+2
* - Fixed the admin Membership List Find member function so the 'letter' links to a chunked result would still be limited to the Find member search. SF patch #1532081.
  - Changed scripts/driver to return a 405 status for non GET, POST, HEAD methods. SF patch #1578756.
  Author: Mark Sapiro | Age: 2009-01-10 | Files: 1 | Lines: -2/+5
* Mailman/Utils.py
  - Fixed a long standing error that stopped relative hrefs from being generated for links on Mailman's web pages.
  Mailman/Cgi/admindb.py
  - Changed the admindb interface so that when messages are rejected from the summary page, the reject reason is the rejection message from the Errors.HoldMessage subclass instead of the generic "No reason given".
  Author: Mark Sapiro | Age: 2009-01-02 | Files: 1 | Lines: -9/+8
* Fixed a problem in Decorate which could throw a TypeError on conversion to unicode of a header/footer that was already unicode because of interpolating a unicode value. Made a minor change to the authentication logic for displaying hidden members on the roster.
  Author: Mark Sapiro | Age: 2008-12-07 | Files: 1 | Lines: -6/+8
* Updated some FAQ URLs for wiki.list.org.
  Author: Mark Sapiro | Age: 2008-12-05 | Files: 1 | Lines: -1/+1
* Apply Heiko Rommel's patch for hashlib deprecation warnings for bug 293178. I've modified the patch to improve some of the stylistic issues.
  Author: Barry Warsaw | Age: 2008-11-12 | Files: 2 | Lines: -6/+6
* Fixed a bug in admin.py which would result in chunked pages of the membership list for members whose address begins with a non-alphanumeric character to not be visible or retrievable.
  Author: Mark Sapiro | Age: 2008-07-30 | Files: 1 | Lines: -10/+5
* options.py
  - Made the ability for a list admin to change a member's password conditional on mm_cfg.OWNERS_CAN_CHANGE_MEMBER_PASSWORDS.
  Defaults.py.in
  - Added OWNERS_CAN_CHANGE_MEMBER_PASSWORDS = No.
  Author: Mark Sapiro | Age: 2008-04-14 | Files: 1 | Lines: -0/+8
* CookHeaders.py
  - Changed the first URL in the RFC 2369 List-Unsubscribe: header to go to the options login page instead of the listinfo page.
  options.py
  - Changed to only issue the "No address given" error if coming from the page itself so we don't get the error when linking from another page or the List-Unsubscribe: header.
  - Changed to remember the user's language selection when redisplaying the page after an error.
  Author: Mark Sapiro | Age: 2008-03-06 | Files: 1 | Lines: -4/+7
* MailList.py
  - Corrected some long standing incomplete logic in the ChangeMemberAddress() and ApprovedChangeMemberAddress() methods having to do with case-only changes and confirmations of changes already done another way.
  confirm.py
  - Caught a MMAlreadyAMember exception that can occur rarely with address changes. This adds a new i18n string, but it's rare enough that I'm not concerned about the translations.
  Author: Mark Sapiro | Age: 2008-02-23 | Files: 1 | Lines: -1/+7
* Mailman/Cgi/edithtml.py Mailman/Gui/General.py Mailman/Utils.py
  - Better detection of potentially evil HTML in GUI.
  Mailman/Version.py NEWS
  - Updates for 2.1.10b1 release.
  Mailman/Gui/General.py messages/mailman.pot
  - Added admin_member_chunksize to Gui. Two new associated messages.
  Author: Mark Sapiro | Age: 2007-12-04 | Files: 1 | Lines: -2/+15
* Mailman/Defaults.py.in Mailman/Utils.py Mailman/htmlformat.py Mailman/Cgi/create.py messages/ja/doc/Defaults.py.in
  - Added direction ('ltr', 'rtl') to the LC_DESCRIPTIONS table to support the Hebrew translation.
  messages/he/LC_MESSAGES/mailman.po
  - Corrected a typo '\b' -> '\n'.
  messages/zh_CN/LC_MESSAGES/mailman.po
  - Corrected a typo '\\b' -> '/b'.
  Author: Mark Sapiro | Age: 2007-11-25 | Files: 1 | Lines: -2/+2
* - Cgi/options.py - fixed to not present the "empty" topic to user.
  - Handlers/CalcRecips.py - Changed to not process topics if topics are disabled for the list.
  Author: Mark Sapiro | Age: 2007-11-04 | Files: 1 | Lines: -1/+3
* admindb.py
  - Changed to not show the "Discard all messages marked Defer" checkbox when there are only (un)subscribes and no held messages.
  - Added a separator and heading for "Held Messages" like the ones for "Subscribe Requests" and "Unsubscribe Requests".
  Author: msapiro | Age: 2007-06-12 | Files: 1 | Lines: -2/+5
* - CGI/admin.py
    The email address which forms a part of the various CGI data keys in the admin membership list is now urllib.quote()ed. This allows changing options for and unsubbing an address which contains a double-quote character.
  - CGI/admindb.py
    Added additional test to not display "Database Updated ..." when coming from the login page.
  - CGI/roster.py, HTMLFormatter.py
    Changed to show hidden members when authorization is site or list's admin or moderator password. Patch 1587651.
  - Defaults.py.in, Handlers/Cleanse_DKIM.py
    Added a new REMOVE_DKIM_HEADERS Defaults.py/mm_cfg.py setting (default = No) to control removing dkim/domainkey signatures from posts and mail to -owner.
  - Handlers/Decorate.py, Handlers/Scrubber.py
    Changed to preserve format=flowed and delsp=yes in the Content-Type: of the body when adding header/footer and when scrubbing attachments and to remove trailing spaces from the header/footer lines so they won't be flowed. Bug 1495122.
    Fixed a scrubber issue where the i18n translated 'next part' separator can be garbled if the list charset is different from the message.
  - Queue/Runner.py, Queue/Switchboard.py
    Now that we have .bak queue entries for recovery, it is no longer the case that an unparseable message is lost. In this case, and in case of other exceptions when dequeueing, I added a preservation feature to move the .bak file to qfiles/shunt as a .psv file and write an appropriate log entry.
    It is also possible for an attempt to shunt a message to fail. One example that occurred in practice (bug 1656289) was caused by a huge message that threw a MemoryError in processing and then threw another MemoryError in the attempt to pickle the message for the shunt queue. In this case as well, I log and attempt to preserve the original queue entry by renaming.
  Author: msapiro | Age: 2007-05-08 | Files: 3 | Lines: -24/+29