aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/Utils.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Added a few more badword checks to Utils.suspiciousHTML().Mark Sapiro2018-03-081-4/+27
| | | Added validation of GUI updates to host_name.
* Updated i18n in preparation for 2.1.25 release.Mark Sapiro2017-10-261-2/+2
| | | Fixed a minor typo.
* Improved DMARC testing for domains with DNSSEC validation problems.Mark Sapiro2017-10-071-2/+14
|
* Changed member_verbosity_threshold from a >= test to a strictly > test.Mark Sapiro2017-05-241-2/+2
|
* Fixed unexploitable XSS attach via crafted HTTP Host: header.Mark Sapiro2017-03-301-1/+1
|
* Fixed a typo and deleted an unreferenced assignment.Mark Sapiro2016-10-291-5/+2
|
* Match header_filter_rules as normalized unicodes.Mark Sapiro2016-07-141-0/+31
|
* Allow DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL to be None or the null string.Mark Sapiro2016-05-041-0/+2
|
* Use rfind rather than find to find '@' for domain splitting.Mark Sapiro2016-04-091-1/+2
|
* Honor an organizational domain's DMARC sp= policy for sub-domains.Mark Sapiro2016-04-091-5/+14
|
* Better logging of DMARC lookup DNS exceptions.Mark Sapiro2016-03-061-1/+1
|
* Minor documentation clean up.Mark Sapiro2016-02-261-4/+5
|
* Lower case domains for the Organizational Domain fix.Mark Sapiro2016-02-251-3/+3
|
* Further refactoring of the Organizational Domain fix.Mark Sapiro2016-02-251-2/+1
|
* Refactored OrganizationalDomain fix.Mark Sapiro2016-02-251-17/+81
|
* If DMARC lookup fails to find a policy, also try the Organizational Domain.Mark Sapiro2016-02-241-4/+25
|
* Added dmarc_non_moderation_action to list settings.Mark Sapiro2016-02-021-0/+9
|
* Merged and tweaked Jim P's mailman-auto-mod-verbose-members branch.Mark Sapiro2016-01-181-1/+48
|\
| * Improvements based on feedback from Mark Sapirojimpop@template.hostname2015-11-041-5/+3
| | | | | | | | https://code.launchpad.net/~jimpop/mailman/mailman-auto-mod-verbose-members/+merge/276706/comments/699744
| * Removed 2 development debugging linesjimpop@template.hostname2015-11-041-5/+0
| |
| * Auto-Moderate Verbose Membersjimpop@template.hostname2015-11-041-0/+26
|/
* Defended against a user submitting URLs with query fragments or POSTMark Sapiro2015-09-161-0/+16
| | | data containing multiple occurrences of the same variable.
* Improved identification of remote clients coming via a proxy server.Mark Sapiro2015-06-231-1/+8
|\
| * Support for HTTP_X_FORWARDED_FOR and HTTP_FORWARDED_FOR (RFC 7239) Jim Popovitch2015-06-231-1/+5
|/
* The vette log entry for DMARC policy hits now contains the list name.Mark Sapiro2015-05-011-4/+4
|
* Fix for path traversal vulnerability.Mark Sapiro2015-03-271-0/+6
|
* Implemented the equivalent domains feature for list posting/moderation.Mark Sapiro2015-01-231-0/+34
|
* A number of changes from the unofficial 2.2 branch have been backported toMark Sapiro2015-01-221-1/+57
| | | | | the 2.1 branch for release with 2.1.19. The 2.2 branch is now no different from the 2.1 branch and will no longer be maintained.
* The options CGI now rejects all but HTTP GET and POST requests.Mark Sapiro2014-09-211-0/+5
|
* If checking DNS for dmarc_moderation_action and DNS lookup is notMark Sapiro2014-05-291-1/+5
| | | | available, log it. (LP: #1324541)
* Make dmarc_quarantine_moderaction_action a list setting.Mark Sapiro2014-05-021-3/+2
|
* More fine tuning of dmarc_moderation_action.Mark Sapiro2014-05-021-8/+8
|
* The new Utils.IsDMARCProhibited() used collections.defaultdict whichMark Sapiro2014-04-191-3/+2
| | | requires Python 2.5. Changed to use a dict and setdefault.
* Added and modified various options regarding DMARC. See the NEWS file.Mark Sapiro2014-04-151-1/+96
|\
| * Added suuport for p=quarantine based on feedback from Franck Martin.Jim Popovitch2013-11-081-0/+5
| |
| * Incorporated some feedback from Mark S.Jim Popovitch2013-10-201-1/+1
| |
| * Handle CNAMEs when chasing DMARC TXT records.Phil Pennock2013-03-181-5/+44
| | | | | | | | | | | | | | | | Handle TXT records missing tags, check all such records, etc. Use \b boundary anchors in regexp check. (Should only be one, but if there are multiple, check them all, reject if any of them say p=reject).
| * Hold/Reject/Discard moderation support for Senders with a DMARC p=reject policyJim Popovitch2013-03-031-0/+39
| |
* | Fixed email address validation to do a bit better in obscure cases.Mark Sapiro2013-12-061-3/+4
|/
* Strengthened the validation of email addresses.Mark Sapiro2011-11-131-8/+3
|
* Strengthened the validation of email address domains.Mark Sapiro2011-09-151-0/+6
|
* Made the web escaping of additional characters a configuration setting.Mark Sapiro2011-05-011-12/+6
|
* Yet another change to the broken browser HTML escaping.Mark Sapiro2011-04-261-1/+2
|
* Don't try converting non-ascii to HTML entities in unicode.Mark Sapiro2011-04-261-2/+5
|
* Strengthened escaping of user web data by including some characters thatMark Sapiro2011-04-251-0/+8
| | | | some older browsers misinterpret as < or >.
* Changed the maximum number of arguments for the who command to beMark Sapiro2011-03-211-2/+2
| | | | | considered administrivia from 2 to 1 to help avoid false positives. Bug #739524.
* Two potential XSS vulnerabilities have been identified and fixed.Mark Sapiro2010-09-091-93/+94
|
* XSS protection in the web interface went too far in escaping HTMLMark Sapiro2009-08-011-1/+3
| | | | entities. Fixed.
* Backported several bug fixes from the 2.2 branch.Mark Sapiro2009-07-311-20/+21
|
* Mailman/Utils.pyMark Sapiro2009-01-021-2/+2
| | | | | | | | | | - Fixed a long standing error that stopped relative hrefs from being generated for links on Mailman's web pages. Mailman/Cgi/admindb.py - Changed the admindb interface so that when messages are rejected from the summary page, the reject reason is the rejection message from the Errors.HoldMessage subclass instead of the generic "No reason given".