aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi (follow)
Commit message (Expand)AuthorAgeFilesLines
* Defended against a user submitting URLs with query fragments or POSTMark Sapiro2015-09-161-0/+8
* Don't show digest options on user's options page for non-digestable lists.Mark Sapiro2015-07-201-2/+8
* Improved identification of remote clients coming via a proxy server.Mark Sapiro2015-06-233-9/+18
|\
| * Support for HTTP_X_FORWARDED_FOR and HTTP_FORWARDED_FOR (RFC 7239) Jim Popovitch2015-06-233-9/+18
|/
* If SUBSCRIBE_FORM_SECRET is enabled and a user's network has a loadMark Sapiro2015-04-232-12/+35
* Improved search in admin UI Membership List.Mark Sapiro2015-04-131-1/+10
* Implemented member address change via the admin GUI.Mark Sapiro2015-03-091-1/+109
* Bumped copyright year for prior change.Mark Sapiro2015-02-031-1/+1
* The admindb interface has been fixed so the the detail message bodyMark Sapiro2015-01-301-8/+6
* A number of changes from the unofficial 2.2 branch have been backported toMark Sapiro2015-01-222-18/+21
* Implement a new DEFAULT_SUBSCRIBE_OR_INVITE setting to control the defaultMark Sapiro2014-12-201-1/+2
* Catch the NotAMemberError exception thrown if an authenticatedMark Sapiro2014-11-071-0/+7
* The options CGI now rejects all but HTTP GET and POST requests.Mark Sapiro2014-09-211-0/+12
* <label> tags have been added around most check boxes and radio buttonsMark Sapiro2014-06-091-10/+29
* Removed HTML tags from the title of a couple of rmlist.py pages becauseMark Sapiro2014-05-021-2/+2
* Fixed the admin Membership List so a search string if any is not lostMark Sapiro2014-04-151-1/+2
* - Added the list name to the vette log "held message approved" entry.Mark Sapiro2014-03-2110-20/+20
* Changed the message from the confirm CGI to not indicate approval isMark Sapiro2014-02-071-2/+3
* Enable setting a default grouping/sorting for the admindb held messageMark Sapiro2013-07-191-4/+7
* Backported the held message sorting to 2.1 and made it optional.Mark Sapiro2013-07-181-18/+51
* - It is no longer possible to add 'invalid' addresses to the ban_listMark Sapiro2013-06-071-15/+39
* The pending (un)subscriptions waiting approval are now sorted by emailMark Sapiro2013-04-031-5/+5
* Added a minimum delay between retrieval and submission of the subscribe form.Mark Sapiro2012-12-141-0/+4
* Implement SUBSCRIBE_FORM_SECRET to mitigate bot subscribes. (LP: 1082746)Mark Sapiro2012-11-242-2/+34
* Added 'legend' to the list of CSRF safe parameters for the admin CGI.Mark Sapiro2012-10-301-1/+2
* The query fragments send_unsub_notifications_to_list_owner andMark Sapiro2012-08-221-9/+7
* Fixed a typo in the UPGRADING doc - bin/upgrade -> bin/update.Mark Sapiro2012-06-201-0/+0
* Backported the password reminder from private archive login feature from theMark Sapiro2012-03-251-1/+22
* Added a few more safe_params to the CSRF check.Mark Sapiro2012-02-231-1/+2
* Added Tokio Kikuchi's Cross-site Request Forgery hardening to the admin UI.Mark Sapiro2012-02-051-6/+26
* Fix for bug #629738 could cause a crash in the admindb details displayMark Sapiro2011-12-311-1/+3
* Added masthead.txt to the list of templates that can be edited via theMark Sapiro2011-11-121-1/+2
* The user options 'list my other subscriptions' page now indicates forMark Sapiro2011-06-071-0/+6
* Fixed a problem in admindb.py where the character set for the display ofMark Sapiro2011-05-101-1/+8
* Prevented setting user passwords with leading/trailing whitespace. Bug #778088.Mark Sapiro2011-05-093-10/+10
* A new list poster password has been implemented. This password may onlyMark Sapiro2011-04-251-0/+27
* Added a logout link to the admindb interface and made both admin andMark Sapiro2011-04-232-3/+27
* Refactor last change for i18n.Mark Sapiro2011-04-151-5/+7
* Added a report of the affected members to the warnings issued whenMark Sapiro2011-04-141-3/+5
* Changed the subscribe CGI to strip leading and trailing whitespace fromMark Sapiro2011-03-291-2/+2
* An XSS vulnerability, CVE-2011-0707, has been fixed.Mark Sapiro2011-02-181-3/+3
* - Fixed an uncaught KeyError when poster tries to cancel a post which wasMark Sapiro2011-02-071-2/+3
* Updated copyright year for previous change.Mark Sapiro2011-02-051-1/+1
* Issue an HTTP 404 status for private archive file not found.Mark Sapiro2011-02-051-0/+1
* Made minor wording improvements and typo corrections in some messages.Mark Sapiro2010-09-102-5/+5
* Two potential XSS vulnerabilities have been identified and fixed.Mark Sapiro2010-09-091-2/+2
* Fixed admindb interface to decode base64 and quoted-printable encodedMark Sapiro2010-09-031-1/+1
* Changed the member options login page unsubscribe request to include theMark Sapiro2010-07-271-1/+2
* Increased the font size of 'Welcome!'on admin overview for consistency with l...Mark Sapiro2010-07-021-1/+1
* Fixed an issue in admindb that could result in a KeyError and "we hit aMark Sapiro2010-06-251-6/+10