aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* The options CGI now rejects all but HTTP GET and POST requests.Mark Sapiro2014-09-211-0/+12
|
* <label> tags have been added around most check boxes and radio buttonsMark Sapiro2014-06-091-10/+29
| | | | | and their text labels in the admin and admindb web GUI so they can be (de)selected by clicking the text. (LP: #266391)
* Removed HTML tags from the title of a couple of rmlist.py pages becauseMark Sapiro2014-05-021-2/+2
| | | | browsers don't render tags in the title. (LP: #265848)
* Fixed the admin Membership List so a search string if any is not lostMark Sapiro2014-04-151-1/+2
| | | | when visiting subsequent fragments of a chunked list.
* - Added the list name to the vette log "held message approved" entry.Mark Sapiro2014-03-2110-20/+20
| | | | | | | | | | (LP: 1295875) - Added the CGI module name to various "No such list" error log entries. (LP: 1295875) - Modified contrib/mmdsr to report module name if present in "No such list error log entries.
* Changed the message from the confirm CGI to not indicate approval isMark Sapiro2014-02-071-2/+3
| | | | required for an acceptance of an invitation.
* Enable setting a default grouping/sorting for the admindb held messageMark Sapiro2013-07-191-4/+7
| | | | summary via a DISPLAY_HELD_SUMMARY_SORT_BUTTONS setting.
* Backported the held message sorting to 2.1 and made it optional.Mark Sapiro2013-07-181-18/+51
|
* - It is no longer possible to add 'invalid' addresses to the ban_listMark Sapiro2013-06-071-15/+39
| | | | | and the *_these_nonmembers filters from the check boxes on the admindb interface. (LP: #1187201)
* The pending (un)subscriptions waiting approval are now sorted by emailMark Sapiro2013-04-031-5/+5
| | | | address in the admindb interface as intended. (LP: 1164160)
* Added a minimum delay between retrieval and submission of the subscribe form.Mark Sapiro2012-12-141-0/+4
|
* Implement SUBSCRIBE_FORM_SECRET to mitigate bot subscribes. (LP: 1082746)Mark Sapiro2012-11-242-2/+34
|
* Added 'legend' to the list of CSRF safe parameters for the admin CGI.Mark Sapiro2012-10-301-1/+2
|
* The query fragments send_unsub_notifications_to_list_owner andMark Sapiro2012-08-221-9/+7
| | | | | send_unsub_ack_to_this_batch will now assume default values if not set in mass unsubscribe URLs. (LP: #1032378)
* Fixed a typo in the UPGRADING doc - bin/upgrade -> bin/update.Mark Sapiro2012-06-201-0/+0
|
* Backported the password reminder from private archive login feature from theMark Sapiro2012-03-251-1/+22
| | | | 2.2 branch.
* Added a few more safe_params to the CSRF check.Mark Sapiro2012-02-231-1/+2
|
* Added Tokio Kikuchi's Cross-site Request Forgery hardening to the admin UI.Mark Sapiro2012-02-051-6/+26
|
* Fix for bug #629738 could cause a crash in the admindb details displayMark Sapiro2011-12-311-1/+3
| | | | | if the decoded message body contained characters not in the character set of the list's preferred language. Fixed. Bug #910440.
* Added masthead.txt to the list of templates that can be edited via theMark Sapiro2011-11-121-1/+2
| | | | web admin interface. Bug #266805.
* The user options 'list my other subscriptions' page now indicates forMark Sapiro2011-06-071-0/+6
| | | | each list if the subscription is 'nomail' or 'digest'. Bug #793669.
* Fixed a problem in admindb.py where the character set for the display ofMark Sapiro2011-05-101-1/+8
| | | | the message body excerpt was not correctly determined. Bug #779751.
* Prevented setting user passwords with leading/trailing whitespace. Bug #778088.Mark Sapiro2011-05-093-10/+10
|
* A new list poster password has been implemented. This password may onlyMark Sapiro2011-04-251-0/+27
| | | | | | be used in Approved: or X-Approved: headers for pre-approving posts. Using this password for that purpose precludes compromise of a more valuable password sent in plain text email. Bug #770581.
* Added a logout link to the admindb interface and made both admin andMark Sapiro2011-04-232-3/+27
| | | | | admindb logout effective for a site admin cookie if allowed. Bug #769318.
* Refactor last change for i18n.Mark Sapiro2011-04-151-5/+7
|
* Added a report of the affected members to the warnings issued whenMark Sapiro2011-04-141-3/+5
| | | | | setting a list with digest members digestable=No and when setting a list with non-digest members nondigestable=no. Bug #761232.
* Changed the subscribe CGI to strip leading and trailing whitespace fromMark Sapiro2011-03-291-2/+2
| | | | the supplied email address. Bug #745432.
* An XSS vulnerability, CVE-2011-0707, has been fixed.Mark Sapiro2011-02-181-3/+3
|
* - Fixed an uncaught KeyError when poster tries to cancel a post which wasMark Sapiro2011-02-071-2/+3
| | | | already handled. Bug #266224.
* Updated copyright year for previous change.Mark Sapiro2011-02-051-1/+1
|
* Issue an HTTP 404 status for private archive file not found.Mark Sapiro2011-02-051-0/+1
|
* Made minor wording improvements and typo corrections in some messages.Mark Sapiro2010-09-102-5/+5
| | | | Bug #426979.
* Two potential XSS vulnerabilities have been identified and fixed.Mark Sapiro2010-09-091-2/+2
|
* Fixed admindb interface to decode base64 and quoted-printable encodedMark Sapiro2010-09-031-1/+1
| | | | message body excerpts for display. Bug #629738.
* Changed the member options login page unsubscribe request to include theMark Sapiro2010-07-271-1/+2
| | | | requesters IP address in the confirmation request. Bug #610527.
* Increased the font size of 'Welcome!'on admin overview for consistency with ↵Mark Sapiro2010-07-021-1/+1
| | | | listinfo.
* Fixed an issue in admindb that could result in a KeyError and "we hit aMark Sapiro2010-06-251-6/+10
| | | | | bug" response when a moderator acts on a post that had been handled by someone else after the first moderator had retrieved it. Bug #598671.
* Fixed a bug which would fail to show a list on the admin and listinfoMark Sapiro2010-06-232-4/+6
| | | | overview pages if its web_page_url contained a :port. Bug # 597741.
* Added roster to the CGIs that return HTTP 401 status for an authenticationMark Sapiro2010-03-2910-0/+22
| | | | failure, and return HTTP 404 status from all CGIs for an invalid list name.
* Reordered the 'cancel' and 'subscribe' buttons on the subscriptionMark Sapiro2010-03-061-3/+3
| | | | | confirmation web page so the default action upon 'enter' will be the subscribe button in browsers that pick the first button. Bug #530654.
* Fixed a bug in the admindb interface that could apply a moderatorMark Sapiro2010-03-061-2/+10
| | | | action to a message not displayed. Bug #533468.
* Added a urlhost argument to the MailList.MailList.Create() method toMark Sapiro2010-02-271-2/+3
| | | | | | allow bin/newlist and the the create CGI to pass urlhost so the host will be correct in the listinfo link on the emptyarchive page. Bug #529100.
* We now give an HTTP 401 status for authentication failures from admin,Mark Sapiro2010-02-043-2/+8
| | | | admindb, private and options logins.
* - Fixed a bug where going to an archives/private/list.mbox/list.mbox URLMark Sapiro2010-01-211-1/+3
| | | | would result in a munged URL if authentication was required. Bug #266164.
* - Added vette logging for rejected and discarded (un)subscribe requests.Mark Sapiro2009-12-041-1/+1
| | | | | - Fixed a bug in admindb.py that could erroneously discard an unsubscribe request as a duplicate.
* Decoded RFC 2047 encoded message subjects for a few reports. Bug #266428.Mark Sapiro2009-12-031-3/+4
|
* Backported several bug fixes from the 2.2 branch.Mark Sapiro2009-07-312-4/+5
|
* Fixed a bug in admindb.py in the implementation of replacing "No ReasonMark Sapiro2009-02-031-2/+7
| | | | Given" with the default rejection reason. Bug #325016.
* Two of the 'new' class exceptions are raised with an argument.Mark Sapiro2009-01-201-4/+5
|