# Copyright (C) 1998-2017 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, # USA. """Produce and process the pending-approval items for a list.""" import sys import os import cgi import errno import signal import email import time from types import ListType from urllib import quote_plus, unquote_plus from Mailman import mm_cfg from Mailman import Utils from Mailman import MailList from Mailman import Errors from Mailman import Message from Mailman import i18n from Mailman.Handlers.Moderate import ModeratedMemberPost from Mailman.ListAdmin import HELDMSG from Mailman.ListAdmin import readMessage from Mailman.Cgi import Auth from Mailman.htmlformat import * from Mailman.Logging.Syslog import syslog from Mailman.CSRFcheck import csrf_check EMPTYSTRING = '' NL = '\n' # Set up i18n. Until we know which list is being requested, we use the # server's default. 
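_ = i18n._
i18n.set_language(mm_cfg.DEFAULT_SERVER_LANGUAGE)

# Size (rows/cols) of the read-only header and body excerpt boxes on the
# held-message page.
EXCERPT_HEIGHT = 10
EXCERPT_WIDTH = 76

# Summary sort orders, mirrored from mm_cfg under short local names.
SSENDER = mm_cfg.SSENDER
SSENDERTIME = mm_cfg.SSENDERTIME
STIME = mm_cfg.STIME

# Module-level default sort order.  It is declared `global ssort` in main()
# and process_form(), the latter re-assigning it from the submitted form.
if mm_cfg.DISPLAY_HELD_SUMMARY_SORT_BUTTONS in (SSENDERTIME, STIME):
    ssort = mm_cfg.DISPLAY_HELD_SUMMARY_SORT_BUTTONS
else:
    ssort = SSENDER

# The three authorization contexts relevant to admindb (list admin, site
# admin, list moderator).  NOTE(review): main() currently spells the same
# three out inline for WebAuthenticate() instead of using this tuple.
AUTH_CONTEXTS = (mm_cfg.AuthListAdmin, mm_cfg.AuthSiteAdmin,
                 mm_cfg.AuthListModerator)



def helds_by_skey(mlist, ssort=SSENDER):
    """Group the list's held message ids by summary sort key.

    Each held request record is read once; element 0 of the record is
    taken as the hold time (ptime) and element 1 as the sender address.

    With ssort SSENDER or SSENDERTIME the key is (0, sender); otherwise it
    is (ptime, sender).  Each group is a list of (ptime, id) pairs sorted
    by time.  For SSENDERTIME the groups are re-keyed as
    (earliest ptime, sender) so callers can order senders by their oldest
    held post.

    Returns the dict mapping key -> [(ptime, id), ...].
    """
    byskey = {}
    for req_id in mlist.GetHeldMessageIds():
        # One record lookup per id instead of two.  The record is positional,
        # so keep the explicit indices.
        record = mlist.GetRecord(req_id)
        ptime, sender = record[0], record[1]
        if ssort in (SSENDER, SSENDERTIME):
            skey = (0, sender)
        else:
            skey = (ptime, sender)
        byskey.setdefault(skey, []).append((ptime, req_id))
    # Sort each group by time (sorting a one-element group is a no-op).
    for group in byskey.values():
        group.sort()
    if ssort == SSENDERTIME:
        # Rekey with the earliest time in the group.  Build a fresh dict
        # rather than deleting/inserting into the one being iterated.
        rekeyed = {}
        for skey, group in byskey.items():
            rekeyed[(group[0][0], skey[1])] = group
        byskey = rekeyed
    return byskey



def hacky_radio_buttons(btnname, labels, values, defaults, spacing=3):
    """Return a two-row Table of horizontally laid out radio buttons.

    The first row holds the padded `labels`; the second holds one
    RadioButton named `btnname` per entry of zip(values, defaults), each
    centred under its label.
    """
    # We can't use a RadioButtonArray here because horizontal placement can be
    # confusing to the user and vertical placement takes up too much
    # real-estate.  This is a hack!
    space = ' ' * spacing
    btns = Table(cellspacing='5', cellpadding='0')
    btns.AddRow([space + text + space for text in labels])
    btns.AddRow([Center(RadioButton(btnname, value, default))
                 for value, default in zip(values, defaults)])
    return btns



def main():
    global ssort
    # Figure out which list is being requested
    parts = Utils.GetPathPieces()
    if not parts:
        handle_no_list()
        return

    listname = parts[0].lower()
    try:
        mlist = MailList.MailList(listname, lock=0)
    except Errors.MMListError, e:
        # Avoid cross-site scripting attacks: the list name came from the
        # request path and is reflected into the error page.
        safelistname = Utils.websafe(listname)
        # Send this with a 404 status.
        print 'Status: 404 Not Found'
        handle_no_list(_('No such list %(safelistname)s'))
        syslog('error', 'admindb: No such list "%s": %s\n', listname, e)
        return

    # Now that we know which list to use, set the system's language to it.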
i18n.set_language(mlist.preferred_language) # Make sure the user is authorized to see this page. cgidata = cgi.FieldStorage(keep_blank_values=1) try: cgidata.getfirst('adminpw', '') except TypeError: # Someone crafted a POST with a bad Content-Type:. doc = Document() doc.set_language(mm_cfg.DEFAULT_SERVER_LANGUAGE) doc.AddItem(Header(2, _("Error"))) doc.AddItem(Bold(_('Invalid options to CGI script.'))) # Send this with a 400 status. print 'Status: 400 Bad Request' print doc.Format() return # CSRF check safe_params = ['adminpw', 'admlogin', 'msgid', 'sender', 'details'] params = cgidata.keys() if set(params) - set(safe_params): csrf_checked = csrf_check(mlist, cgidata.getfirst('csrf_token')) else: csrf_checked = True # if password is present, void cookie to force password authentication. if cgidata.getfirst('adminpw'): os.environ['HTTP_COOKIE'] = '' csrf_checked = True if not mlist.WebAuthenticate((mm_cfg.AuthListAdmin, mm_cfg.AuthListModerator, mm_cfg.AuthSiteAdmin), cgidata.getfirst('adminpw', '')): if cgidata.has_key('adminpw'): # This is a re-authorization attempt msg = Bold(FontSize('+1', _('Authorization failed.'))).Format() else: msg = '' Auth.loginpage(mlist, 'admindb', msg=msg) return # Add logout function. Note that admindb may be accessed with # site-wide admin, moderator and list admin privileges. # site admin may have site or admin cookie. (or both?) # See if this is a logout request if len(parts) >= 2 and parts[1] == 'logout': if mlist.AuthContextInfo(mm_cfg.AuthSiteAdmin)[0] == 'site': print mlist.ZapCookie(mm_cfg.AuthSiteAdmin) if mlist.AuthContextInfo(mm_cfg.AuthListModerator)[0]: print mlist.ZapCookie(mm_cfg.AuthListModerator) print mlist.ZapCookie(mm_cfg.AuthListAdmin) Auth.loginpage(mlist, 'admindb', frontpage=1) return # Set up the results document doc = Document() doc.set_language(mlist.preferred_language) # See if we're requesting all the messages for a particular sender, or if # we want a specific held message. 
sender = None msgid = None details = None envar = os.environ.get('QUERY_STRING') if envar: # POST methods, even if their actions have a query string, don't get # put into FieldStorage's keys :-( qs = cgi.parse_qs(envar).get('sender') if qs and type(qs) == ListType: sender = qs[0] qs = cgi.parse_qs(envar).get('msgid') if qs and type(qs) == ListType: msgid = qs[0] qs = cgi.parse_qs(envar).get('details') if qs and type(qs) == ListType: details = qs[0] # We need a signal handler to catch the SIGTERM that can come from Apache # when the user hits the browser's STOP button. See the comment in # admin.py for details. # # BAW: Strictly speaking, the list should not need to be locked just to # read the request database. However the request database asserts that # the list is locked in order to load it and it's not worth complicating # that logic. def sigterm_handler(signum, frame, mlist=mlist): # Make sure the list gets unlocked... mlist.Unlock() # ...and ensure we exit, otherwise race conditions could cause us to # enter MailList.Save() while we're in the unlocked state, and that # could be bad! sys.exit(0) mlist.Lock() try: # Install the emergency shutdown signal handler signal.signal(signal.SIGTERM, sigterm_handler) realname = mlist.real_name if not cgidata.keys() or cgidata.has_key('admlogin'): # If this is not a form submission (i.e. there are no keys in the # form) or it's a login, then we don't need to do much special. doc.SetTitle(_('%(realname)s Administrative Database')) elif not details: # This is a form submission doc.SetTitle(_('%(realname)s Administrative Database Results')) if csrf_checked: process_form(mlist, doc, cgidata) else: doc.addError( _('The form lifetime has expired. (request forgery check)')) # Now print the results and we're done. Short circuit for when there # are no pending requests, but be sure to save the results! 
admindburl = mlist.GetScriptURL('admindb', absolute=1) if not mlist.NumRequestsPending(): title = _('%(realname)s Administrative Database') doc.SetTitle(title) doc.AddItem(Header(2, title)) doc.AddItem(_('There are no pending requests.')) doc.AddItem(' ') doc.AddItem(Link(admindburl, _('Click here to reload this page.'))) # Put 'Logout' link before the footer doc.AddItem('\n
')
# BAW: kludge to remove id from requests.db.
try:
mlist.HandleRequest(id, mm_cfg.DISCARD)
except Errors.LostHeldMessage:
pass
return
except email.Errors.MessageParseError:
form.AddItem(_('Message with id #%(id)d is corrupted.'))
# BAW: Should we really delete this, or shuttle it off for site admin
# to look more closely at?
form.AddItem(' ')
# BAW: kludge to remove id from requests.db.
try:
mlist.HandleRequest(id, mm_cfg.DISCARD)
except Errors.LostHeldMessage:
pass
return
# Get the header text and the message body excerpt
lines = []
chars = 0
# A negative value means, include the entire message regardless of size
limit = mm_cfg.ADMINDB_PAGE_TEXT_LIMIT
for line in email.Iterators.body_line_iterator(msg, decode=True):
lines.append(line)
chars += len(line)
if chars >= limit > 0:
break
# We may have gone over the limit on the last line, but keep the full line
# anyway to avoid losing part of a multibyte character.
body = EMPTYSTRING.join(lines)
# Get message charset and try encode in list charset
# We get it from the first text part.
# We need to replace invalid characters here or we can throw an uncaught
# exception in doc.Format().
for part in msg.walk():
if part.get_content_maintype() == 'text':
# Watchout for charset= with no value.
mcset = part.get_content_charset() or 'us-ascii'
break
else:
mcset = 'us-ascii'
lcset = Utils.GetCharSet(mlist.preferred_language)
if mcset <> lcset:
try:
body = unicode(body, mcset, 'replace').encode(lcset, 'replace')
except (LookupError, UnicodeError, ValueError):
pass
hdrtxt = NL.join(['%s: %s' % (k, v) for k, v in msg.items()])
hdrtxt = Utils.websafe(hdrtxt)
# Okay, we've reconstituted the message just fine. Now for the fun part!
t = Table(cellspacing=0, cellpadding=0, width='100%')
t.AddRow([Bold(_('From:')), sender])
row, col = t.GetCurrentRowIndex(), t.GetCurrentCellIndex()
t.AddCellInfo(row, col-1, align='right')
t.AddRow([Bold(_('Subject:')),
Utils.websafe(Utils.oneline(subject, lcset))])
t.AddCellInfo(row+1, col-1, align='right')
t.AddRow([Bold(_('Reason:')), _(reason)])
t.AddCellInfo(row+2, col-1, align='right')
when = msgdata.get('received_time')
if when:
t.AddRow([Bold(_('Received:')), time.ctime(when)])
t.AddCellInfo(row+2, col-1, align='right')
# We can't use a RadioButtonArray here because horizontal placement can be
# confusing to the user and vertical placement takes up too much
# real-estate. This is a hack!
buttons = Table(cellspacing="5", cellpadding="0")
buttons.AddRow(map(lambda x, s=' '*5: s+x+s,
(_('Defer'), _('Approve'), _('Reject'), _('Discard'))))
buttons.AddRow([Center(RadioButton(id, mm_cfg.DEFER, 1)),
Center(RadioButton(id, mm_cfg.APPROVE, 0)),
Center(RadioButton(id, mm_cfg.REJECT, 0)),
Center(RadioButton(id, mm_cfg.DISCARD, 0)),
])
t.AddRow([Bold(_('Action:')), buttons])
t.AddCellInfo(row+3, col-1, align='right')
t.AddRow([' ',
''
])
t.AddRow([' ',
'' +
TextBox('forward-addr-%d' % id, size=47,
value=mlist.GetOwnerEmail()).Format()
])
notice = msgdata.get('rejection_notice', _('[No explanation given]'))
t.AddRow([
Bold(_('If you reject this post, ')
def process_form(mlist, doc, cgidata):
global ssort
senderactions = {}
badaddrs = []
# Sender-centric actions
for k in cgidata.keys():
for prefix in ('senderaction-', 'senderpreserve-', 'senderforward-',
'senderforwardto-', 'senderfilterp-', 'senderfilter-',
'senderclearmodp-', 'senderbanp-'):
if k.startswith(prefix):
action = k[:len(prefix)-1]
qsender = k[len(prefix):]
sender = unquote_plus(qsender)
value = cgidata.getfirst(k)
senderactions.setdefault(sender, {})[action] = value
for id in cgidata.getlist(qsender):
senderactions[sender].setdefault('message_ids',
[]).append(int(id))
# discard-all-defers
try:
discardalldefersp = cgidata.getfirst('discardalldefersp', 0)
except ValueError:
discardalldefersp = 0
# Get the summary sequence
ssort = int(cgidata.getfirst('summary_sort', SSENDER))
for sender in senderactions.keys():
actions = senderactions[sender]
# Handle what to do about all this sender's held messages
try:
action = int(actions.get('senderaction', mm_cfg.DEFER))
except ValueError:
action = mm_cfg.DEFER
if action == mm_cfg.DEFER and discardalldefersp:
action = mm_cfg.DISCARD
if action in (mm_cfg.DEFER, mm_cfg.APPROVE,
mm_cfg.REJECT, mm_cfg.DISCARD):
preserve = actions.get('senderpreserve', 0)
forward = actions.get('senderforward', 0)
forwardaddr = actions.get('senderforwardto', '')
byskey = helds_by_skey(mlist, SSENDER)
for ptime, id in byskey.get((0, sender), []):
if id not in senderactions[sender]['message_ids']:
# It arrived after the page was displayed. Skip it.
continue
try:
msgdata = mlist.GetRecord(id)[5]
comment = msgdata.get('rejection_notice',
_('[No explanation given]'))
mlist.HandleRequest(id, action, comment, preserve,
forward, forwardaddr)
except (KeyError, Errors.LostHeldMessage):
# That's okay, it just means someone else has already
# updated the database while we were staring at the page,
# so just ignore it
continue
# Now see if this sender should be added to one of the nonmember
# sender filters.
if actions.get('senderfilterp', 0):
# Check for an invalid sender address.
try:
Utils.ValidateEmail(sender)
except Errors.EmailAddressError:
# Don't check for dups. Report it once for each checked box.
badaddrs.append(sender)
else:
try:
which = int(actions.get('senderfilter'))
except ValueError:
# Bogus form
which = 'ignore'
if which == mm_cfg.ACCEPT:
mlist.accept_these_nonmembers.append(sender)
elif which == mm_cfg.HOLD:
mlist.hold_these_nonmembers.append(sender)
elif which == mm_cfg.REJECT:
mlist.reject_these_nonmembers.append(sender)
elif which == mm_cfg.DISCARD:
mlist.discard_these_nonmembers.append(sender)
# Otherwise, it's a bogus form, so ignore it
# And now see if we're to clear the member's moderation flag.
if actions.get('senderclearmodp', 0):
try:
mlist.setMemberOption(sender, mm_cfg.Moderate, 0)
except Errors.NotAMemberError:
# This person's not a member any more. Oh well.
pass
# And should this address be banned?
if actions.get('senderbanp', 0):
# Check for an invalid sender address.
try:
Utils.ValidateEmail(sender)
except Errors.EmailAddressError:
# Don't check for dups. Report it once for each checked box.
badaddrs.append(sender)
else:
if sender not in mlist.ban_list:
mlist.ban_list.append(sender)
# Now, do message specific actions
banaddrs = []
erroraddrs = []
for k in cgidata.keys():
formv = cgidata[k]
if type(formv) == ListType:
continue
try:
v = int(formv.value)
request_id = int(k)
except ValueError:
continue
if v not in (mm_cfg.DEFER, mm_cfg.APPROVE, mm_cfg.REJECT,
mm_cfg.DISCARD, mm_cfg.SUBSCRIBE, mm_cfg.UNSUBSCRIBE,
mm_cfg.ACCEPT, mm_cfg.HOLD):
continue
# Get the action comment and reasons if present.
commentkey = 'comment-%d' % request_id
preservekey = 'preserve-%d' % request_id
forwardkey = 'forward-%d' % request_id
forwardaddrkey = 'forward-addr-%d' % request_id
bankey = 'ban-%d' % request_id
# Defaults
try:
if mlist.GetRecordType(request_id) == HELDMSG:
msgdata = mlist.GetRecord(request_id)[5]
comment = msgdata.get('rejection_notice',
_('[No explanation given]'))
else:
comment = _('[No explanation given]')
except KeyError:
# Someone else must have handled this one after we got the page.
continue
preserve = 0
forward = 0
forwardaddr = ''
if cgidata.has_key(commentkey):
comment = cgidata[commentkey].value
if cgidata.has_key(preservekey):
preserve = cgidata[preservekey].value
if cgidata.has_key(forwardkey):
forward = cgidata[forwardkey].value
if cgidata.has_key(forwardaddrkey):
forwardaddr = cgidata[forwardaddrkey].value
# Should we ban this address? Do this check before handling the
# request id because that will evict the record.
if cgidata.getfirst(bankey):
sender = mlist.GetRecord(request_id)[1]
if sender not in mlist.ban_list:
# We don't need to validate the sender. An invalid address
# can't get here.
mlist.ban_list.append(sender)
# Handle the request id
try:
mlist.HandleRequest(request_id, v, comment,
preserve, forward, forwardaddr)
except (KeyError, Errors.LostHeldMessage):
# That's okay, it just means someone else has already updated the
# database while we were staring at the page, so just ignore it
continue
except Errors.MMAlreadyAMember, v:
erroraddrs.append(v)
except Errors.MembershipIsBanned, pattern:
sender = mlist.GetRecord(request_id)[1]
banaddrs.append((sender, pattern))
# save the list and print the results
doc.AddItem(Header(2, _('Database Updated...')))
if erroraddrs:
for addr in erroraddrs:
addr = Utils.websafe(addr)
doc.AddItem(`addr` + _(' is already a member') + '
please explain (optional):')),
TextArea('comment-%d' % id, rows=4, cols=EXCERPT_WIDTH,
text = Utils.wrap(_(notice), column=80))
])
row, col = t.GetCurrentRowIndex(), t.GetCurrentCellIndex()
t.AddCellInfo(row, col-1, align='right')
t.AddRow([Bold(_('Message Headers:')),
TextArea('headers-%d' % id, hdrtxt,
rows=EXCERPT_HEIGHT, cols=EXCERPT_WIDTH, readonly=1)])
row, col = t.GetCurrentRowIndex(), t.GetCurrentCellIndex()
t.AddCellInfo(row, col-1, align='right')
t.AddRow([Bold(_('Message Excerpt:')),
TextArea('fulltext-%d' % id, Utils.websafe(body),
rows=EXCERPT_HEIGHT, cols=EXCERPT_WIDTH, readonly=1)])
t.AddCellInfo(row+1, col-1, align='right')
form.AddItem(t)
form.AddItem('
')
if banaddrs:
for addr, patt in banaddrs:
addr = Utils.websafe(addr)
doc.AddItem(_('%(addr)s is banned (matched: %(patt)s)') + '
')
if badaddrs:
for addr in badaddrs:
addr = Utils.websafe(addr)
doc.AddItem(`addr` + ': ' + _('Bad/Invalid email address') +
'
')