aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman (follow)
Commit message (Collapse)AuthorAgeFilesLines
* _escape(): Everything except the 'info' variable gets the normal web-safebwarsaw2004-02-171-8/+19
| | | | | escaping. 'info' sanitizes just <script> and </script> tags. This partially closes bugs 870028 and 881369.
* handleForm(): Call out to self._escape() to make any entered data web-safe.bwarsaw2004-02-171-3/+7
| | | | | This allows subclasses to override where necessary. The default implementaton is to call Utils.websafe().
* main(): It's possible that if you're logged in as the list admin, you can getbwarsaw2004-02-171-3/+5
| | | | | | | to the end of the function trying to present the options page for a non-existant user, causing a traceback. At the last second, do one more isMember() check and return the loginpage if the address isn't a member of the list.
* Rewritten, simplified, and made more bullet-proof. The file read/written isbwarsaw2004-02-171-77/+66
| | | | | | | | | | | | | | | | | | | now a pickle instead the less secure marshal. Other changes: __filename(): Removed. We'll use the instance variable __filename instead. __opendb(): Simplified by removing upgrade logic largely duplicated in _UpdateRecords(). __closedb(): Use pickles and the __filename instance variable. __request_id(): Removed this since it wasn't thread-safe. It didn't require the acquisition of the list lock. Replaced with __nextid() which not only asserts the list lock, but also ensures that the id returned will be unique. HoldMessage(): Always flush and fsync the heldmsg file. Various other code improvement.
* enqueue(), dequeue(), files(): Implementation of new, more efficient,bwarsaw2004-02-101-226/+37
| | | | | | | | | | | one-file-per-queued-message architecture. The message object and metadata dictionary are now written to the same .pck file -- in that order -- instead of to separate files which were more complicated to manage. dequeue() especially simplifies considerably. Also, get rid of the special _Switchboard hack, as well as the MarshalSwitchboard, ASCIISwitchboard, and BSDDBSwitchboard implementations. Also get rid of the DumperSwitchboard class.
* _dispose(), verp_probe(): Add logic to parse and handle probe bounce verps.bwarsaw2004-02-101-1/+55
|
* hold_for_approval(): Convert to the new pending database interface.bwarsaw2004-02-101-2/+2
|
* main(), subscription_cancel(), unsubscription_cancel(), addrchange_cancel()bwarsaw2004-02-101-17/+36
| | | | | | | | addrchange_confirm(), heldmsg_cancel(), heldmsg_confirm(), reenable_confirm(): Convert to the new pending database interface. expunge(): A helper function which ensures that the list is locked before expunging an item from the confirmation database.
* Bump the version number to 2.1.5a3. Also bump the PENDING_FILE_SCHEMA_VERSIONbwarsaw2004-02-101-4/+4
| | | | to indicate that we're now saving things in a per-list database.
* Simplification and re-implementation as a per-list (and thus MailList mixinbwarsaw2004-02-101-231/+132
| | | | class), pending database.
* MailList: Add the Pending.Pending class to the list of base classes.bwarsaw2004-02-101-11/+10
| | | | | InviteNewMember(), AddMember(), ChangeMemberAddress(), ProcessConfirmation(), ConfirmUnsubscription(): Convert to the new pending database interface.
* sendProbe(): Method implementing the actual sending of the probe message to abwarsaw2004-02-101-1/+39
| | | | member whose bounce score is greater than the threshold.
* VERP_PROBE_FORMAT, VERP_PROBE_REGEXP: A new template and pattern for handlingbwarsaw2004-02-101-32/+7
| | | | | | | | | | | | the probe verps, which are different than the normal message verps because the former has a token hash in the address extension. METAFMT_MARSHAL, METAFMT_BSDDB_NATIVE, METAFMT_ASCII, METADATA_FORMAT: Remove all this since they don't make sense with the new rewritten single-file qrunner architecture. PENDINGDB_LOCK_TIMEOUT, PENDINGDB_LOCK_ATTEMPTS: These are no longer necessary given the new per-list pending database.
* Hook in the new bounce processing actions. Specifically,bwarsaw2004-02-101-7/+10
| | | | | | | | | | | registerBounce(): When the bounce score is higher than the threshold, instead of disabling the address right way, we send a probe message, then we reset the bounce score to zero. disableBouncingMember(): Use the new pending db interface and update the log messages. sendNextNotification(): Use the new pending db interface.
* _dispose(): Fix typo in comparison to site-list owner address. Fix given bybwarsaw2004-01-231-2/+2
| | | | SHIGENO Kazutaka.
* updated commentsbwarsaw2004-01-221-1/+3
|
* bulkdeliver(): Add a comment about recent alternative interpretations forbwarsaw2004-01-221-1/+4
| | | | munging Sender and Errors-To headers.
* whitespace normalizationbwarsaw2004-01-201-3/+3
|
* GetConfigInfo(): Elaborate on the details for bounce_score_threshold.bwarsaw2004-01-201-2/+14
|
* __checkone(): Patch 869644, ignore NotAMemberError that can get raisedbwarsaw2004-01-031-2/+5
| | | | | | from AuthContextInfo() when old cookie data is for someone no longer a member of the mailing list. Closes SF bug # 869647. Bug and patch by Stephan Berndts.
* Bump version number, post release.bwarsaw2004-01-021-5/+5
|
* Prep for 2.1.4 final.bwarsaw2003-12-311-3/+3
|
* show_pending_subs(): The address in the pending database may be a unicode, butbwarsaw2003-12-271-1/+3
| | | | | it must be ascii. Coerce to an 8-bit string so the bogus u'' doesn't show up. Closes SF 862906.
* show_helds_overview(), show_post_requests(): Another part of TK'sbwarsaw2003-12-271-2/+13
| | | | | patch # 865661. Encode the subject header in the list's preferred character set and make sure it is all on one line.
* hold_for_approval(): Another part of TK's patch # 865661. Encode thebwarsaw2003-12-261-2/+7
| | | | | subject header in the list's preferred character set and make sure it is all on one line, when sent back to the original author.
* oneline(): Another part of TK's patch # 865661. This one adds abwarsaw2003-12-261-0/+15
| | | | | utility function that returns a header in an i18n-safe way such that it is guaranteed to span exactly one line.
* Article.__init__(): Provide a default charset if the message doesn'tbwarsaw2003-12-261-3/+7
| | | | | | | have one. Part of TK's patch #865661. __processbody_URLquote(): One chunk of TK's patch # 865661 for improving the i18n of the 'at' substitutions for archives.
* Authenticate(): When authenticating AuthUser, wrap thebwarsaw2003-12-261-35/+40
| | | | | | | | | | | | | | | | | | | | | self.authenticateMember() call in a try/except catching and ignoring NotAMemberErrors. The effect of this is that other authcontexts being check will then proceed as normal. This fixes admin login to the private archives, and non-public rosters. Under the old code, if you tried to get into the private archives w/o entering an email address, but using the admin password, you'd be denied access. WebAuthenticate(): Removed the wrapping of .Authenticate() in try/except catching of NotAMemberError, since this should never percolate out now. Also, use True/False everywhere it's appropriate (but not in the cookie code). Original bug and patch by Stephan Berndts. Closes SF bug # 864676 and SF patch # 864674.
* Update version numbers (2.1.4 is definitely going out before the endbwarsaw2003-12-241-3/+3
| | | | of the year).
* adminy_overview(): Richard Barrett's patch # 828811 to reduce listinfobwarsaw2003-12-241-5/+6
| | | | | | and admin cgi process size by not keeping the entire mlist object alive through a reference in the advertised list. Only the information used in the overview is kept.
* listinfo_overview(): Richard Barrett's patch # 828811 to reducebwarsaw2003-12-241-5/+6
| | | | | | listinfo and admin cgi process size by not keeping the entire mlist object alive through a reference in the advertised list. Only the information used in the overview is kept.
* finished_update_article(): Richard Barrett's fix to reduce Pipermailbwarsaw2003-12-241-0/+9
| | | | | | | | | | | | | archive bloat by deleting the html_body attribute on Article objects. Closes SF bug #835332. This is a stub in the base class. _update_thread_index(): Call finished_update_article() when done. store_article(): squirrel away the html_body value when pickling the article. This only reduces bloat on new articles. See bin/rb-archfix to clean up older archives.
* finished_update_article(): Richard Barrett's fix to reduce Pipermailbwarsaw2003-12-241-0/+6
| | | | | | | | archive bloat by deleting the html_body attribute on Article objects. Closes SF bug #835332. This only reduces bloat on new articles. See bin/rb-archfix to clean up older archives.
* Comment repair.bwarsaw2003-12-221-1/+1
|
* Fix commentbwarsaw2003-12-181-2/+1
|
* uheader(): Added default argument for maxlinelen.bwarsaw2003-12-181-11/+12
| | | | | | | | | | process(): Reworked the way we calculate the List-Id header in the face of i18n descriptions which may need to be quoted (if ASCII and containing RFC 2822 special chars). What we do now is RFC 2047 encode just the description part, if there is one, then use formataddr() to combine that with the email address-like list identification.
* send_i18n_digests(): Configurations can change between the time abwarsaw2003-12-161-1/+6
| | | | | | | | | message is originally received and the time the digest is sent. If the configuration changes by setting ARCHIVE_HTML_SANITIZER to 0, a DiscardMessage exception can occur during the scrubbing. Catch this error. Closes SF #860135 with basic solution by Martin Pool.
* process(): Quote the description when adding it to the List-ID header,bwarsaw2003-12-131-1/+1
| | | | | in case there are any special characters (in the RFC 2822) in the description.
* Romanian is iso-8859-2bwarsaw2003-12-131-1/+1
|
* handleForm(): Close some cross-site scripting holes found by Dirkbwarsaw2003-12-132-4/+5
| | | | Mueller.
* process(): Update a few email package calls.bwarsaw2003-12-011-5/+11
|
* Results.__init__(): It's possible for the Header functions to raise abwarsaw2003-12-011-4/+9
| | | | | HeaderParseError, so if that happens just ignore the Subject header for command purposes.
* Fix a small comment bug.bwarsaw2003-12-011-1/+1
|
* process(): The implementation of extended header filters viabwarsaw2003-12-011-4/+79
| | | | header_filter_rules.
* True/False where appropriate.bwarsaw2003-12-011-1/+1
| | | | | | process(): When we encode the text, catch ValueError along with UnicodeError and LookupError. The ValueError can be raised if the charset is the empty string. Closes SF bug # 834486.
* True/False where appropriate.bwarsaw2003-12-011-15/+23
| | | | | | process(): When we encode the text, catch ValueError along with UnicodeError and LookupError. The ValueError can be raised if the charset is the empty string. Closes SF bug # 834486.
* True/False where appropriate.bwarsaw2003-12-011-1/+7
|
* True/False where appropriate.bwarsaw2003-12-011-18/+19
| | | | handleForm(): Close a very minor, potential CSS hole.
* GetConfigInfo(), handleForm(): Added header_filter_rules, a new variable whichbwarsaw2003-12-011-2/+114
| | | | | collects regular expression rules to match against the message's outer headers, along with the action to take when a match occurs.
* _getValidValue(): Basically ignore HeaderFilter widgets. They'll be handledbwarsaw2003-12-011-0/+2
| | | | in the Privacy.py file.