aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Cgi (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Defend against CGI requests with multiple values for the same parameter.Mark Sapiro2017-06-0511-105/+105
|
* Fixed a regression in Cgi/options.py.Mark Sapiro2017-06-041-12/+12
|
* Change 'subscribees' to 'subscribers' on admin mass subscribe page.Mark Sapiro2017-04-251-1/+1
| | | Update i18n.
* Fixed an uncaught TypeError in the subscribe CGI.Mark Sapiro2017-02-221-1/+1
|
* Fixed a TypeError thrown in the roster CGI when called with a listnameMark Sapiro2017-02-031-3/+3
| | | containing a % character.
* Fixed incorrect "view more members" links at the bottom of the adminMark Sapiro2016-10-271-4/+5
| | | Membership List pages.
* Fix unicode links in multi-page admin Membership list search results.Mark Sapiro2016-09-291-2/+5
|
* Fixes for CVE-2016-6893 and more.Mark Sapiro2016-08-263-5/+71
|
* Membership List letter links could be incorrectly rendered as Unicode.Mark Sapiro2016-07-191-0/+3
|
* Catch TypeError from certain defective crafted POST requests.Mark Sapiro2016-07-1411-14/+132
|
* Prior fix for lp:1573623 at rev 1647 was incomplete.Mark Sapiro2016-05-221-2/+3
|
* Added a bunch more templates to those that can be edited via the GUI.Mark Sapiro2016-05-181-1/+13
|
* Catch MMUnknownListError in case list is removed after listing names.Mark Sapiro2016-05-172-3/+11
|
* White space left of Logout link is no longer part of the link.Mark Sapiro2016-04-221-3/+4
|
* Submitting the user options form for a user who was asynchronouslyMark Sapiro2015-12-061-0/+8
| | | unsubscribed would throw an uncaught NotAMemberError.
* Defended against a user submitting URLs with query fragments or POSTMark Sapiro2015-09-161-0/+8
| | | data containing multiple occurrences of the same variable.
* Don't show digest options on user's options page for non-digestable lists.Mark Sapiro2015-07-201-2/+8
|
* Improved identification of remote clients coming via a proxy server.Mark Sapiro2015-06-233-9/+18
|\
| * Support for HTTP_X_FORWARDED_FOR and HTTP_FORWARDED_FOR (RFC 7239) Jim Popovitch2015-06-233-9/+18
|/
* If SUBSCRIBE_FORM_SECRET is enabled and a user's network has a loadMark Sapiro2015-04-232-12/+35
| | | | | | balancer or similar in use the POSTing IP might not exactly match the GETting IP. This is now accounted for by not requiring the last octet (16 bits for ipV6) to match.
* Improved search in admin UI Membership List.Mark Sapiro2015-04-131-1/+10
|
* Implemented member address change via the admin GUI.Mark Sapiro2015-03-091-1/+109
| | | Updated mailman.pot and mailman.po files with the new strings.
* Bumped copyright year for prior change.Mark Sapiro2015-02-031-1/+1
|
* The admindb interface has been fixed so the the detail message bodyMark Sapiro2015-01-301-8/+6
| | | | | | display doesn't lose part of a multi-byte character, and characters which are invalid in the message's charset are replaced rather than the whole body not being converted to the display charset.
* A number of changes from the unofficial 2.2 branch have been backported toMark Sapiro2015-01-222-18/+21
| | | | | the 2.1 branch for release with 2.1.19. The 2.2 branch is now no different from the 2.1 branch and will no longer be maintained.
* Implement a new DEFAULT_SUBSCRIBE_OR_INVITE setting to control the defaultMark Sapiro2014-12-201-1/+2
| | | | for the admin Mass Subscriptions page.
* Catch the NotAMemberError exception thrown if an authenticatedMark Sapiro2014-11-071-0/+7
| | | | unsubscribe is submitted from the user options page for a nonmember.
* The options CGI now rejects all but HTTP GET and POST requests.Mark Sapiro2014-09-211-0/+12
|
* <label> tags have been added around most check boxes and radio buttonsMark Sapiro2014-06-091-10/+29
| | | | | and their text labels in the admin and admindb web GUI so they can be (de)selected by clicking the text. (LP: #266391)
* Removed HTML tags from the title of a couple of rmlist.py pages becauseMark Sapiro2014-05-021-2/+2
| | | | browsers don't render tags in the title. (LP: #265848)
* Fixed the admin Membership List so a search string if any is not lostMark Sapiro2014-04-151-1/+2
| | | | when visiting subsequent fragments of a chunked list.
* - Added the list name to the vette log "held message approved" entry.Mark Sapiro2014-03-2110-20/+20
| | | | | | | | | | (LP: 1295875) - Added the CGI module name to various "No such list" error log entries. (LP: 1295875) - Modified contrib/mmdsr to report module name if present in "No such list error log entries.
* Changed the message from the confirm CGI to not indicate approval isMark Sapiro2014-02-071-2/+3
| | | | required for an acceptance of an invitation.
* Enable setting a default grouping/sorting for the admindb held messageMark Sapiro2013-07-191-4/+7
| | | | summary via a DISPLAY_HELD_SUMMARY_SORT_BUTTONS setting.
* Backported the held message sorting to 2.1 and made it optional.Mark Sapiro2013-07-181-18/+51
|
* - It is no longer possible to add 'invalid' addresses to the ban_listMark Sapiro2013-06-071-15/+39
| | | | | and the *_these_nonmembers filters from the check boxes on the admindb interface. (LP: #1187201)
* The pending (un)subscriptions waiting approval are now sorted by emailMark Sapiro2013-04-031-5/+5
| | | | address in the admindb interface as intended. (LP: 1164160)
* Added a minimum delay between retrieval and submission of the subscribe form.Mark Sapiro2012-12-141-0/+4
|
* Implement SUBSCRIBE_FORM_SECRET to mitigate bot subscribes. (LP: 1082746)Mark Sapiro2012-11-242-2/+34
|
* Added 'legend' to the list of CSRF safe parameters for the admin CGI.Mark Sapiro2012-10-301-1/+2
|
* The query fragments send_unsub_notifications_to_list_owner andMark Sapiro2012-08-221-9/+7
| | | | | send_unsub_ack_to_this_batch will now assume default values if not set in mass unsubscribe URLs. (LP: #1032378)
* Fixed a typo in the UPGRADING doc - bin/upgrade -> bin/update.Mark Sapiro2012-06-201-0/+0
|
* Backported the password reminder from private archive login feature from theMark Sapiro2012-03-251-1/+22
| | | | 2.2 branch.
* Added a few more safe_params to the CSRF check.Mark Sapiro2012-02-231-1/+2
|
* Added Tokio Kikuchi's Cross-site Request Forgery hardening to the admin UI.Mark Sapiro2012-02-051-6/+26
|
* Fix for bug #629738 could cause a crash in the admindb details displayMark Sapiro2011-12-311-1/+3
| | | | | if the decoded message body contained characters not in the character set of the list's preferred language. Fixed. Bug #910440.
* Added masthead.txt to the list of templates that can be edited via theMark Sapiro2011-11-121-1/+2
| | | | web admin interface. Bug #266805.
* The user options 'list my other subscriptions' page now indicates forMark Sapiro2011-06-071-0/+6
| | | | each list if the subscription is 'nomail' or 'digest'. Bug #793669.
* Fixed a problem in admindb.py where the character set for the display ofMark Sapiro2011-05-101-1/+8
| | | | the message body excerpt was not correctly determined. Bug #779751.
* Prevented setting user passwords with leading/trailing whitespace. Bug #778088.Mark Sapiro2011-05-093-10/+10
|