path: root/Mailman/Cgi
Commit message | Author | Age | Files | Lines
* admindb.py - Changed to not show the "Discard all messages marked Defer" | msapiro | 2007-06-12 | 1 | -2/+5
  checkbox when there are only (un)subscribes and no held messages.
  - Added a separator and heading for "Held Messages" like the ones for "Subscribe Requests" and "Unsubscribe Requests".
* - CGI/admin.py | msapiro | 2007-05-08 | 3 | -24/+29
    The email address which forms a part of the various CGI data keys in the admin membership list is now urllib.quote()ed. This allows changing options for and unsubbing an address which contains a double-quote character.
  - CGI/admindb.py
    Added additional test to not display "Database Updated ..." when coming from the login page.
  - CGI/roster.py, HTMLFormatter.py
    Changed to show hidden members when authorization is site or list's admin or moderator password. Patch 1587651.
  - Defaults.py.in, Handlers/Cleanse_DKIM.py
    Added a new REMOVE_DKIM_HEADERS Defaults.py/mm_cfg.py setting (default = No) to control removing dkim/domainkey signatures from posts and mail to -owner.
  - Handlers/Decorate.py, Handlers/Scrubber.py
    Changed to preserve format=flowed and delsp=yes in the Content-Type: of the body when adding header/footer and when scrubbing attachments and to remove trailing spaces from the header/footer lines so they won't be flowed. Bug 1495122.
    Fixed a scrubber issue where the i18n translated 'next part' separator can be garbled if the list charset is different from the message.
  - Queue/Runner.py, Queue/Switchboard.py
    Now that we have .bak queue entries for recovery, it is no longer the case that an unparseable message is lost. In this case, and in case of other exceptions when dequeueing, I added a preservation feature to move the .bak file to qfiles/shunt as a .psv file and write an appropriate log entry.
    It is also possible for an attempt to shunt a message to fail. One example that occurred in practice (bug 1656289) was caused by a huge message that threw a MemoryError in processing and then threw another MemoryError in the attempt to pickle the message for the shunt queue. In this case as well, I log and attempt to preserve the original queue entry by renaming.
* Fixed admin.py so null VARHELP category is handled (1573393). | msapiro | 2006-10-11 | 1 | -4/+5
* Removed the "Discard all messages marked Defer" checkbox from the | msapiro | 2006-09-21 | 1 | -2/+2
  details=all page.
* A much improved release script, which now knows about Subversion (though isn't | bwarsaw | 2006-09-01 | 1 | -1/+0
  yet ready to work from the trunk). Also, get rid of all the obsolete .cvsignore directories, they're no longer needed. Almost ready for 2.1.9rc1!
* CVE-2006-3636. Fixes for various cross-site scripting issues. Discovery by | bwarsaw | 2006-08-30 | 5 | -20/+33
  Moritz Naumann and most of the repair work done by Mark Sapiro (with some additional work by Barry).
* Fix XSS bug: Thanks Moritz Naumann. (CVE-2006-1512) | tkikuchi | 2006-04-04 | 1 | -2/+3
* Bug fix: import re module. | tkikuchi | 2006-01-09 | 1 | -1/+2
* A cleansing pass, almost entirely cosmetic. Such things as whitespace | bwarsaw | 2005-12-30 | 6 | -22/+25
  normalization, removal of tabs, copyright year updates to changed files, docstring and comment fixes, and usage of True/False. I also made a pass through the NEWS file. One import was reordered, and after this commit I will move the mmdsr.readme file to README.mmdsr. From my perspective, after that we're ready to go. I will port these changes forward to the trunk.
* Log hostile path to mischief, not error | msapiro | 2005-12-12 | 1 | -1/+1
* Fixes for bug 1080943. | msapiro | 2005-12-12 | 1 | -6/+27
  Add error response for ./ and ../ in URL
* Improving banned subscription logic to cover all invites, subscribes, | msapiro | 2005-12-03 | 4 | -3/+29
  address changes and confirmations of same.
* List admins should be disallowed to insert script tags. | tkikuchi | 2005-11-30 | 1 | -0/+1
* As of 2.1.6, List admins can change user's option/subscription globally. | tkikuchi | 2005-11-30 | 1 | -11/+56
  This is not good if list admin cannot be fully trusted. This patch disables the list admin's ability of changing the user option/subscription globally; changes are effective only within the list. Site admin can change globally if mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set Yes.
* Make sure the moderate selection is initialized from | msapiro | 2005-11-09 | 1 | -3/+9
  DEFAULT_DEFAULT_MEMBER_MODERATION and preserved across errors.
* FSF office has moved to 51 Franklin Street. | tkikuchi | 2005-08-27 | 14 | -14/+14
* Copyright years. | bwarsaw | 2005-05-02 | 1 | -1/+1
* ChangeHTML(): Set umask to 0 while creating the langdir. Fixes SF bug | bwarsaw | 2005-05-02 | 1 | -3/+7
  #1190404
* Spelling and copyright years updates. | bwarsaw | 2005-02-10 | 1 | -3/+3
* Checkin for initial workaround for directory traverse flaw in private.py. | tkikuchi | 2005-02-10 | 1 | -3/+6
  This is for the people who think 'CVS should be safe' and not final solution.
* From the NEWS file: | bwarsaw | 2004-12-30 | 1 | -1/+2
  - Added the ability for Mailman generated passwords (both member and list admin) to be more cryptographically secure. See new configuration variables USER_FRIENDLY_PASSWORDS, MEMBER_PASSWORD_LENGTH, and ADMIN_PASSWORD_LENGTH. Also added a new bin/withlist script called reset_pw which can be used to reset all member passwords. Passwords generated by Mailman are now 8 characters by default for members, and 10 characters for list administrators.
* admin.py: | bwarsaw | 2004-12-28 | 2 | -9/+8
  show_results(): Slightly reworded the "Edit the public..." link to include a reference to the public text files, e.g. the welcome message.
  edithtml.py
  Grant Bowman's patch # 1085501 to allow editing the welcome message via the admin page.
  inthenews.ht
  More names
  ACKNOWLEDGMENTS, NEWS
  Updates for #1085501
* [ mailman-Bugs-1047532 ] problem with "discard all ..." | tkikuchi | 2004-12-07 | 1 | -12/+14
  [ mailman-Patches-1080477 ] discard all marked as defer
  Fixed in a different way for what "all" means may be confusing when partial message lists are shown. Also fixed 'details' case.
* Python 2.4 checks strftime() more strictly. | tkikuchi | 2004-12-04 | 1 | -1/+2
  Split GetConfirmSubject into Leave/Join.
* Precautions against 'charset=' (empty) message. | tkikuchi | 2004-12-01 | 1 | -1/+1
* [ 874764 ] -admin address is now equiv to -bounce | tkikuchi | 2004-10-19 | 1 | -3/+3
* [ 1045909 ] user cancel of pending subscription fails | tkikuchi | 2004-10-13 | 1 | -2/+6
* main(): Add discard checkbox above the last submit button too. | bwarsaw | 2004-04-30 | 1 | -0/+5
* main(), process_form(): Due to popular demand, added SF patch # 810675 which | bwarsaw | 2004-04-25 | 1 | -1/+13
  adds a "discard all messages marked Defer" for quicker admindb maintenance. Patch by Eddie Kohler, SF id xexd.
* process_request(): Catch base class of EmailAddressError so either | bwarsaw | 2004-02-29 | 1 | -2/+2
  MMBadEmailError or MMHostileAddress will be caught.
* main(): The list lock must be held in order to pend unsubscription requests. | bwarsaw | 2004-02-29 | 1 | -12/+13
* main(): It's possible that if you're logged in as the list admin, you can get | bwarsaw | 2004-02-17 | 1 | -3/+5
  to the end of the function trying to present the options page for a non-existent user, causing a traceback. At the last second, do one more isMember() check and return the loginpage if the address isn't a member of the list.
* main(), subscription_cancel(), unsubscription_cancel(), addrchange_cancel() | bwarsaw | 2004-02-10 | 1 | -17/+36
  addrchange_confirm(), heldmsg_cancel(), heldmsg_confirm(), reenable_confirm(): Convert to the new pending database interface.
  expunge(): A helper function which ensures that the list is locked before expunging an item from the confirmation database.
* show_pending_subs(): The address in the pending database may be a unicode, but | bwarsaw | 2003-12-27 | 1 | -1/+3
  it must be ascii. Coerce to an 8-bit string so the bogus u'' doesn't show up. Closes SF 862906.
* show_helds_overview(), show_post_requests(): Another part of TK's | bwarsaw | 2003-12-27 | 1 | -2/+13
  patch # 865661. Encode the subject header in the list's preferred character set and make sure it is all on one line.
* adminy_overview(): Richard Barrett's patch # 828811 to reduce listinfo | bwarsaw | 2003-12-24 | 1 | -5/+6
  and admin cgi process size by not keeping the entire mlist object alive through a reference in the advertised list. Only the information used in the overview is kept.
* listinfo_overview(): Richard Barrett's patch # 828811 to reduce | bwarsaw | 2003-12-24 | 1 | -5/+6
  listinfo and admin cgi process size by not keeping the entire mlist object alive through a reference in the advertised list. Only the information used in the overview is kept.
* Comment repair. | bwarsaw | 2003-12-22 | 1 | -1/+1
* subscription_prompt(): Make text and submit button have consistent text. | bwarsaw | 2003-12-01 | 1 | -2/+2
  Closes SF bug # 816410.
* get_item_gui_value(): Added a new widget HeaderFilter and associated code to | bwarsaw | 2003-12-01 | 1 | -2/+72
  build the interface from header_filter_rules. Here you can specify a set of regular expressions to test against a message's (outer) headers. You can also specify the action to take when a rule matches. These are available on Privacy->Spam Filters page.
* process_request(): In response to SF bug # 835870, we now check the | bwarsaw | 2003-11-24 | 1 | -5/+12
  calculated host name, and if VIRTUAL_HOST_OVERVIEW is true, that host name must match one of our known virtual hosts. Otherwise we'll refuse to create the list. If VIRTUAL_HOST_OVERVIEW is false, we'll do no checking (meaning the old behavior of being able to create a list with a non-fqdn hostname still exists).
  Also, pass the email host name into the MailList.Create() call.
* change_options(): When calling ApprovedAddMember(), pass a meaningful | bwarsaw | 2003-11-21 | 1 | -2/+3
  value to the whence argument.
* main(): Fix for bug #832748, where unsubscribe_policy was being | bwarsaw | 2003-11-03 | 1 | -4/+24
  ignored for the unsub button on the member login page. Report and original patch by Pasi Sjoholm, modified by Barry. Forward port candidate.
* process_request(), request_creation(): Close cross-site scripting | bwarsaw | 2003-09-28 | 1 | -14/+20
  exploits found by Ned Dawes. Also, whitespace normalization. Backported from HEAD.
* Backporting from the HEAD -- updated cgi's | bwarsaw | 2003-09-22 | 3 | -3/+5
* Backporting from trunk. | bwarsaw | 2003-04-07 | 1 | -2/+0
* Backporting from trunk | bwarsaw | 2003-03-31 | 2 | -1/+6
* Backporting SF patch #683906, add $DESTDIR to install target, by | bwarsaw | 2003-03-31 | 1 | -2/+3
  Ademar de Souza Reis Jr
* Backporting from the trunk. | bwarsaw | 2003-02-08 | 8 | -64/+81
* main(): In the change-of-address section, we only want to show the | bwarsaw | 2003-01-02 | 1 | -3/+5
  "you are already using that email address" message if the newaddress matches the case-preserved (subscribed) address.
  Also, in the set_address section, if cpuser is None, set it to the user address, since that's what we'll use now as the old address in the ChangeMemberAddress() call.
  This and related changes should fix problems when the address we're changing to differs for the current address by case only.