path: root/Mailman/Cgi
Commit message (Author, Age, Files, Lines)
* Block CSRF attack against admin or admindb pages. (Mark Sapiro, 2021-11-30, 3, -3/+6)
* Prior commit was incomplete. (Mark Sapiro, 2021-11-23, 1, -4/+5)
* Avoid NotAMemberError in CSRF check from user options page. (Mark Sapiro, 2021-11-21, 1, -11/+11)
* Fix admindb for list with no mod password. (Mark Sapiro, 2021-11-12, 1, -1/+2)
* Use moderator rather than admin for admindb CSRF token. (Mark Sapiro, 2021-11-03, 1, -2/+1)
* Fix a potential XSS attack via the user options page. (Mark Sapiro, 2021-11-03, 1, -0/+2)
* Fixes for CVEs 2021-42096 and 2021-42097. (Mark Sapiro, 2021-10-18, 1, -13/+12)
* Implement WARN_MEMBER_OF_SUBSCRIBE subscribe setting. (Mark Sapiro, 2020-06-10, 1, -0/+1)
* Extend REFUSE_SECOND_PENDING to unsubscription as well. (Mark Sapiro, 2020-05-18, 1, -0/+3)
* Fixed content injection vulnerability via the private login page. (Mark Sapiro, 2020-05-07, 1, -7/+3)
* Fixed options login content injection vulnerability. (Mark Sapiro, 2020-05-05, 1, -1/+1)
* Implement REFUSE_SECOND_PENDING setting to prevent multiple pending subscribes. (Mark Sapiro, 2020-01-09, 1, -0/+3)
* Changed new 'Successfully unsubscribed:' to existing (Mark Sapiro, 2019-10-05, 1, -1/+1)
* Implemented web admin sync members. (Mark Sapiro, 2019-09-17, 1, -2/+109)
* Implement Ralf Jung's captcha feature for the subscribe form. (Mark Sapiro, 2019-06-19, 2, -4/+31)
|\
| * Don't enable CAPTCHA if 'en' key is not set (Ralf Jung, 2019-06-10, 1, -1/+1)
| * fix computing the form hash when there is no CAPTCHA (Ralf Jung, 2019-06-10, 1, -1/+1)
| * implement a simple CAPTCHA scheme based on questions and answers configured b... (Ralf Jung, 2019-06-10, 2, -4/+25)
|/
* Strip leading/trailing spaces from login email for private and options login. (Mark Sapiro, 2019-03-06, 2, -3/+4)
* Corrected and augmented some security log messages. (Mark Sapiro, 2018-12-30, 4, -3/+17)
* Catch TypeError on simultaneous confirmations of the same token. (Mark Sapiro, 2018-08-07, 1, -5/+19)
* fix python doc urls (Yasuhito FUTATSUKI at POEM, 2018-07-15, 1, -1/+1)
* Enable editing templates in an alternate language. (Mark Sapiro, 2018-07-08, 1, -7/+35)
|\
| * Add language selector to "HTML Page Editing" page for multi-lang lists (Yasuhito FUTATSUKI at POEM, 2018-07-09, 1, -7/+34)
|/
* * apply Utils.websafe() to description string in admin.py (Yasuhito FUTATSUKI at POEM, 2018-06-22, 1, -1/+1)
* enhance i18n of listinfo overview (Yasuhito FUTATSUKI at POEM, 2018-06-22, 2, -2/+2)
* Added global _ where needed. (Mark Sapiro, 2018-06-18, 2, -0/+2)
* Bump copyright dates. (Mark Sapiro, 2018-06-17, 12, -11/+11)
* I18n for new whence reasons in admin (un)subscribe notices. (Mark Sapiro, 2018-06-17, 2, -4/+19)
|\
| * enhance i18n in admin(un)?subscribeack messages (Yasuhito FUTATSUKI at POEM, 2018-06-16, 2, -4/+7)
|/
* Implement security log. (Mark Sapiro, 2018-06-11, 6, -4/+42)
|\
| * Changes based on feedback from Mark. (Jim Popovitch, 2018-06-10, 2, -5/+8)
| * Improved logging of security related events (Jim Popovitch, 2018-06-06, 5, -0/+25)
|/
* Separate data in CSRF token by colon to avoid collisions. (Ralf Jung, 2018-06-03, 2, -6/+6)
* Internationalize the noscript note added to reCAPTCHA. (Mark Sapiro, 2018-05-26, 1, -2/+3)
* Add <noscript> note to listinfo reCAPTCHA that JavaScript is required. (Mark Sapiro, 2018-05-05, 1, -0/+1)
* Removed a Python 2.7 dependency introduced in 2.1.26. (Mark Sapiro, 2018-03-01, 1, -1/+1)
* Fix XSS and info leak in options CGI - CVE-2018-5950 (Mark Sapiro, 2018-02-04, 1, -15/+17)
* It's not necessary to replace _ with - in language codes for reCAPTCHA. (Mark Sapiro, 2018-02-03, 1, -3/+1)
* Corrected i18n from rev. 1738 and updated message catalogs. (Mark Sapiro, 2018-01-30, 1, -3/+5)
* Added the ability to add reCAPTCHA to the listinfo subscribe form. (Mark Sapiro, 2018-01-29, 2, -2/+37)
|\
| * Allow the list subscription form to be protected from spam bots using (David Siebörger, 2018-01-29, 2, -0/+32)
|/
* Added screen reader labels to some admindb radio buttons. (Mark Sapiro, 2017-06-24, 1, -15/+10)
* Added text for screen readers only to checkboxes on admin Membership List. (Mark Sapiro, 2017-06-21, 1, -7/+16)
* Display date of held subscriptions and keep newest. (Mark Sapiro, 2017-06-09, 1, -6/+11)
* Reverted another getfirst in the multi-value CGI defence. (Mark Sapiro, 2017-06-07, 1, -1/+1)
* Bumped Copyrights and fixed a bug in prior commit. (Mark Sapiro, 2017-06-05, 10, -12/+12)
* Defend against CGI requests with multiple values for the same parameter. (Mark Sapiro, 2017-06-05, 11, -105/+105)
* Fixed a regression in Cgi/options.py. (Mark Sapiro, 2017-06-04, 1, -12/+12)
* Change 'subscribees' to 'subscribers' on admin mass subscribe page. (Mark Sapiro, 2017-04-25, 1, -1/+1)