path: root/Mailman/Cgi
Commit message (author, age, files, lines)
* Removed the "Discard all messages marked Defer" checkbox from the details=all page. (msapiro, 2006-09-21, 1 file, -2/+2)
* A much improved release script, which now knows about Subversion (though isn't yet ready to work from the trunk). Also, get rid of all the obsolete .cvsignore directories, they're no longer needed. Almost ready for 2.1.9rc1! (bwarsaw, 2006-09-01, 1 file, -1/+0)
* CVE-2006-3636. Fixes for various cross-site scripting issues. Discovery by Moritz Naumann and most of the repair work done by Mark Sapiro (with some additional work by Barry). (bwarsaw, 2006-08-30, 5 files, -20/+33)
* Fix XSS bug: Thanks Moritz Naumann. (CVE-2006-1512) (tkikuchi, 2006-04-04, 1 file, -2/+3)
* Bug fix: import re module. (tkikuchi, 2006-01-09, 1 file, -1/+2)
* A cleansing pass, almost entirely cosmetic. Such things as whitespace normalization, removal of tabs, copyright year updates to changed files, docstring and comment fixes, and usage of True/False. I also made a pass through the NEWS file. One import was reordered, and after this commit I will move the mmdsr.readme file to README.mmdsr. From my perspective, after that we're ready to go. I will port these changes forward to the trunk. (bwarsaw, 2005-12-30, 6 files, -22/+25)
* Log hostile path to mischief, not error (msapiro, 2005-12-12, 1 file, -1/+1)
* Fixes for bug 1080943. Add error response for ./ and ../ in URL (msapiro, 2005-12-12, 1 file, -6/+27)
* Improving banned subscription logic to cover all invites, subscribes, address changes and confirmations of same. (msapiro, 2005-12-03, 4 files, -3/+29)
* List admins should be disallowed to insert script tags. (tkikuchi, 2005-11-30, 1 file, -0/+1)
* As of 2.1.6, List admins can change user's option/subscription globally. This is not good if list admin cannot be fully trusted. This patch disables the list admin's ability of changing the user option/subscription globally; changes are effective only within the list. Site admin can change globally if mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set Yes. (tkikuchi, 2005-11-30, 1 file, -11/+56)
* Make sure the moderate selection is initialized from DEFAULT_DEFAULT_MEMBER_MODERATION and preserved across errors. (msapiro, 2005-11-09, 1 file, -3/+9)
* FSF office has moved to 51 Franklin Street. (tkikuchi, 2005-08-27, 14 files, -14/+14)
* Copyright years. (bwarsaw, 2005-05-02, 1 file, -1/+1)
* ChangeHTML(): Set umask to 0 while creating the langdir. Fixes SF bug #1190404 (bwarsaw, 2005-05-02, 1 file, -3/+7)
* Spelling and copyright years updates. (bwarsaw, 2005-02-10, 1 file, -3/+3)
* Checkin for initial workaround for directory traverse flaw in private.py. This is for the people who think 'CVS should be safe' and not final solution. (tkikuchi, 2005-02-10, 1 file, -3/+6)
* From the NEWS file:
  - Added the ability for Mailman generated passwords (both member and list admin) to be more cryptographically secure. See new configuration variables USER_FRIENDLY_PASSWORDS, MEMBER_PASSWORD_LENGTH, and ADMIN_PASSWORD_LENGTH. Also added a new bin/withlist script called reset_pw which can be used to reset all member passwords. Passwords generated by Mailman are now 8 characters by default for members, and 10 characters for list administrators. (bwarsaw, 2004-12-30, 1 file, -1/+2)
* admin.py: show_results(): Slightly reworded the "Edit the public..." link to include a reference to the public text files, e.g. the welcome message.
  edithtml.py Grant Bowman's patch # 1085501 to allow editing the welcome message via the admin page.
  inthenews.ht More names
  ACKNOWLEDGMENTS, NEWS Updates for #1085501 (bwarsaw, 2004-12-28, 2 files, -9/+8)
* [ mailman-Bugs-1047532 ] problem with "discard all ..."
  [ mailman-Patches-1080477 ] discard all marked as defer
  Fixed in a different way for what "all" means may be confusing when partial message list are shown. Also fixed 'details' case. (tkikuchi, 2004-12-07, 1 file, -12/+14)
* Python 2.4 checks strftime() more strict. Split GetConfirmSubject into Leave/Join. (tkikuchi, 2004-12-04, 1 file, -1/+2)
* Precautions against 'charset=' (empty) message. (tkikuchi, 2004-12-01, 1 file, -1/+1)
* [ 874764 ] -admin address is now equiv to -bounce (tkikuchi, 2004-10-19, 1 file, -3/+3)
* [ 1045909 ] user cancel of pending subscription fails (tkikuchi, 2004-10-13, 1 file, -2/+6)
* main(): Add discard checkbox above the last submit button too. (bwarsaw, 2004-04-30, 1 file, -0/+5)
* main(), process_form(): Due to popular demand, added SF patch # 810675 which adds a "discard all messages marked Defer" for quicker admindb maintenance. Patch by Eddie Kohler, SF id xexd. (bwarsaw, 2004-04-25, 1 file, -1/+13)
* process_request(): Catch base class of EmailAddressError so either MMBadEmailError or MMHostileAddress will be caught. (bwarsaw, 2004-02-29, 1 file, -2/+2)
* main(): The list lock must be held in order to pend unsubscription requests. (bwarsaw, 2004-02-29, 1 file, -12/+13)
* main(): It's possible that if you're logged in as the list admin, you can get to the end of the function trying to present the options page for a non-existent user, causing a traceback. At the last second, do one more isMember() check and return the loginpage if the address isn't a member of the list. (bwarsaw, 2004-02-17, 1 file, -3/+5)
* main(), subscription_cancel(), unsubscription_cancel(), addrchange_cancel(), addrchange_confirm(), heldmsg_cancel(), heldmsg_confirm(), reenable_confirm(): Convert to the new pending database interface.
  expunge(): A helper function which ensures that the list is locked before expunging an item from the confirmation database. (bwarsaw, 2004-02-10, 1 file, -17/+36)
* show_pending_subs(): The address in the pending database may be a unicode, but it must be ascii. Coerce to an 8-bit string so the bogus u'' doesn't show up. Closes SF 862906. (bwarsaw, 2003-12-27, 1 file, -1/+3)
* show_helds_overview(), show_post_requests(): Another part of TK's patch # 865661. Encode the subject header in the list's preferred character set and make sure it is all on one line. (bwarsaw, 2003-12-27, 1 file, -2/+13)
* adminy_overview(): Richard Barrett's patch # 828811 to reduce listinfo and admin cgi process size by not keeping the entire mlist object alive through a reference in the advertised list. Only the information used in the overview is kept. (bwarsaw, 2003-12-24, 1 file, -5/+6)
* listinfo_overview(): Richard Barrett's patch # 828811 to reduce listinfo and admin cgi process size by not keeping the entire mlist object alive through a reference in the advertised list. Only the information used in the overview is kept. (bwarsaw, 2003-12-24, 1 file, -5/+6)
* Comment repair. (bwarsaw, 2003-12-22, 1 file, -1/+1)
* subscription_prompt(): Make text and submit button have consistent text. Closes SF bug # 816410. (bwarsaw, 2003-12-01, 1 file, -2/+2)
* get_item_gui_value(): Added a new widget HeaderFilter and associated code to build the interface from header_filter_rules. Here you can specify a set of regular expressions to test against a message's (outer) headers. You can also specify the action to take when a rule matches. These are available on Privacy->Spam Filters page. (bwarsaw, 2003-12-01, 1 file, -2/+72)
* process_request(): In response to SF bug # 835870, we now check the calculated host name, and if VIRTUAL_HOST_OVERVIEW is true, that host name must match one of our known virtual hosts. Otherwise we'll refuse to create the list. If VIRTUAL_HOST_OVERVIEW is false, we'll do no checking (meaning the old behavior of being able to create a list with a non-fqdn hostname still exists). Also, pass the email host name into the MailList.Create() call. (bwarsaw, 2003-11-24, 1 file, -5/+12)
* change_options(): When calling ApprovedAddMember(), pass a meaningful value to the whence argument. (bwarsaw, 2003-11-21, 1 file, -2/+3)
* main(): Fix for bug #832748, where unsubscribe_policy was being ignored for the unsub button on the member login page. Report and original patch by Pasi Sjoholm, modified by Barry. Forward port candidate. (bwarsaw, 2003-11-03, 1 file, -4/+24)
* process_request(), request_creation(): Close cross-site scripting exploits found by Ned Dawes. Also, whitespace normalization. Backported from HEAD. (bwarsaw, 2003-09-28, 1 file, -14/+20)
* Backporting from the HEAD -- updated cgi's (bwarsaw, 2003-09-22, 3 files, -3/+5)
* Backporting from trunk. (bwarsaw, 2003-04-07, 1 file, -2/+0)
* Backporting from trunk (bwarsaw, 2003-03-31, 2 files, -1/+6)
* Backporting SF patch #683906, add $DESTDIR to install target, by Ademar de Souza Reis Jr (bwarsaw, 2003-03-31, 1 file, -2/+3)
* Backporting from the trunk. (bwarsaw, 2003-02-08, 8 files, -64/+81)
* main(): In the change-of-address section, we only want to show the "you are already using that email address" message if the newaddress matches the case-preserved (subscribed) address. Also, in the set_address section, if cpuser is None, set it to the user address, since that's what we'll use now as the old address in the ChangeMemberAddress() call. This and related changes should fix problems when the address we're changing to differs from the current address by case only. (bwarsaw, 2003-01-02, 1 file, -3/+5)
* This commit was manufactured by cvs2svn to create branch 'Release_2_1-maint'. (2003-01-02, 15 files, -0/+5658)