aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Utils.py (unfollow)
Commit message (Expand)AuthorFilesLines
2017-03-30Fixed unexploitable XSS attach via crafted HTTP Host: header.Mark Sapiro1-1/+1
2016-10-29Fixed a typo and deleted an unreferenced assignment.Mark Sapiro1-5/+2
2016-07-14Match header_filter_rules as normalized unicodes.Mark Sapiro1-0/+31
2016-05-04Allow DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL to be None or the null string.Mark Sapiro1-0/+2
2016-04-09Use rfind rather than find to find '@' for domain splitting.Mark Sapiro1-1/+2
2016-04-09Honor an organizational domain's DMARC sp= policy for sub-domains.Mark Sapiro1-5/+14
2016-03-06Better logging of DMARC lookup DNS exceptions.Mark Sapiro1-1/+1
2016-02-26Minor documentation clean up.Mark Sapiro1-4/+5
2016-02-25Lower case domains for the Organizational Domain fix.Mark Sapiro1-3/+3
2016-02-25Further refactoring of the Organizational Domain fix.Mark Sapiro1-2/+1
2016-02-25Refactored OrganizationalDomain fix.Mark Sapiro1-17/+81
2016-02-24If DMARC lookup fails to find a policy, also try the Organizational Domain.Mark Sapiro1-4/+25
2016-02-02Added dmarc_non_moderation_action to list settings.Mark Sapiro1-0/+9
2015-11-04Improvements based on feedback from Mark Sapirojimpop@template.hostname1-5/+3
2015-11-04Removed 2 development debugging linesjimpop@template.hostname1-5/+0
2015-11-04Auto-Moderate Verbose Membersjimpop@template.hostname1-0/+26
2015-09-16Defended against a user submitting URLs with query fragments or POSTMark Sapiro1-0/+16
2015-06-23Support for HTTP_X_FORWARDED_FOR and HTTP_FORWARDED_FOR (RFC 7239) Jim Popovitch1-1/+5
2015-05-01The vette log entry for DMARC policy hits now contains the list name.Mark Sapiro1-4/+4
2015-03-27Fix for path traversal vulnerability.Mark Sapiro1-0/+6
2015-01-23Implemented the equivalent domains feature for list posting/moderation.Mark Sapiro1-0/+34
2015-01-22A number of changes from the unofficial 2.2 branch have been backported toMark Sapiro1-1/+57
2014-09-21The options CGI now rejects all but HTTP GET and POST requests.Mark Sapiro1-0/+5
2014-05-29If checking DNS for dmarc_moderation_action and DNS lookup is notMark Sapiro1-1/+5
2014-05-02Make dmarc_quarantine_moderaction_action a list setting.Mark Sapiro1-3/+2
2014-05-02More fine tuning of dmarc_moderation_action.Mark Sapiro1-8/+8
2014-04-19The new Utils.IsDMARCProhibited() used collections.defaultdict whichMark Sapiro1-3/+2
2013-12-06Fixed email address validation to do a bit better in obscure cases.Mark Sapiro1-3/+4
2013-11-08Added suuport for p=quarantine based on feedback from Franck Martin.Jim Popovitch1-0/+5
2013-10-20Incorporated some feedback from Mark S.Jim Popovitch1-1/+1
2013-03-18Handle CNAMEs when chasing DMARC TXT records.Phil Pennock1-5/+44
2013-03-03Hold/Reject/Discard moderation support for Senders with a DMARC p=reject policyJim Popovitch1-0/+39
2011-11-13Strengthened the validation of email addresses.Mark Sapiro1-8/+3
2011-09-15Strengthened the validation of email address domains.Mark Sapiro1-0/+6
2011-05-01Made the web escaping of additional characters a configuration setting.Mark Sapiro1-12/+6
2011-04-26Yet another change to the broken browser HTML escaping.Mark Sapiro1-1/+2
2011-04-26Don't try converting non-ascii to HTML entities in unicode.Mark Sapiro1-2/+5
2011-04-25Strengthened escaping of user web data by including some characters thatMark Sapiro1-0/+8
2011-03-21Changed the maximum number of arguments for the who command to beMark Sapiro1-2/+2
2010-09-09Two potential XSS vulnerabilities have been identified and fixed.Mark Sapiro1-93/+94
2009-08-01XSS protection in the web interface went too far in escaping HTMLMark Sapiro1-1/+3
2009-07-31Backported several bug fixes from the 2.2 branch.Mark Sapiro1-20/+21
2009-01-02Mailman/Utils.pyMark Sapiro1-2/+2
2008-12-05Changed the regexp for Utils.suspiciousHTML to exempt theMark Sapiro1-1/+2
2008-11-12Apply Heiko Rommel's patch for hashlib deprecation warnings for bug 293178.Barry Warsaw1-3/+14
2008-05-07Changed Utils.ValidateEmail to not allow specials (particularly ':')Mark Sapiro1-2/+9
2007-12-04Mailman/Cgi/edithtml.pyMark Sapiro1-0/+151
2007-11-25Mailman/Defaults.py.inMark Sapiro1-0/+3
2007-07-17Detect 'who' with 1 or 2 arguments as administrivia.Mark Sapiro1-2/+2
2006-08-30CVE-2006-3636. Fixes for various cross-site scripting issues. Discovery bybwarsaw1-1/+1