# Copyright (C) 1998-2018 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, # USA. """Produce and process the pending-approval items for a list.""" import sys import os import cgi import errno import signal import email import time from types import ListType from urllib import quote_plus, unquote_plus from Mailman import mm_cfg from Mailman import Utils from Mailman import MailList from Mailman import Errors from Mailman import Message from Mailman import i18n from Mailman.Handlers.Moderate import ModeratedMemberPost from Mailman.ListAdmin import HELDMSG from Mailman.ListAdmin import readMessage from Mailman.Cgi import Auth from Mailman.htmlformat import * from Mailman.Logging.Syslog import syslog from Mailman.CSRFcheck import csrf_check EMPTYSTRING = '' NL = '\n' # Set up i18n. Until we know which list is being requested, we use the # server's default. _ = i18n._ i18n.set_language(mm_cfg.DEFAULT_SERVER_LANGUAGE) EXCERPT_HEIGHT = 10 EXCERPT_WIDTH = 76 SSENDER = mm_cfg.SSENDER SSENDERTIME = mm_cfg.SSENDERTIME STIME = mm_cfg.STIME if mm_cfg.DISPLAY_HELD_SUMMARY_SORT_BUTTONS in (SSENDERTIME, STIME): ssort = mm_cfg.DISPLAY_HELD_SUMMARY_SORT_BUTTONS else: ssort = SSENDER AUTH_CONTEXTS = (mm_cfg.AuthListModerator, mm_cfg.AuthListAdmin, mm_cfg.AuthSiteAdmin) def helds_by_skey(mlist, ssort=SSENDER): heldmsgs = mlist.GetHeldMessageIds() byskey = {} for id in heldmsgs: ptime = mlist.GetRecord(id)[0] sender = mlist.GetRecord(id)[1] if ssort in (SSENDER, SSENDERTIME): skey = (0, sender) else: skey = (ptime, sender) byskey.setdefault(skey, []).append((ptime, id)) # Sort groups by time for k, v in byskey.items(): if len(v) > 1: v.sort() byskey[k] = v if ssort == SSENDERTIME: # Rekey with time newkey = (v[0][0], k[1]) del byskey[k] byskey[newkey] = v return byskey def hacky_radio_buttons(btnname, labels, values, defaults, spacing=3): # We can't use a RadioButtonArray here because horizontal placement can be # confusing to the user and vertical placement takes up too much # real-estate. This is a hack! space = ' ' * spacing btns = Table(cellspacing='5', cellpadding='0') btns.AddRow([space + text + space for text in labels]) btns.AddRow([Center(RadioButton(btnname, value, default).Format() + '
')
# BAW: kludge to remove id from requests.db.
try:
mlist.HandleRequest(id, mm_cfg.DISCARD)
except Errors.LostHeldMessage:
pass
return
except email.Errors.MessageParseError:
form.AddItem(_('Message with id #%(id)d is corrupted.'))
# BAW: Should we really delete this, or shuttle it off for site admin
# to look more closely at?
form.AddItem(' ')
# BAW: kludge to remove id from requests.db.
try:
mlist.HandleRequest(id, mm_cfg.DISCARD)
except Errors.LostHeldMessage:
pass
return
# Get the header text and the message body excerpt
lines = []
chars = 0
# A negative value means, include the entire message regardless of size
limit = mm_cfg.ADMINDB_PAGE_TEXT_LIMIT
for line in email.Iterators.body_line_iterator(msg, decode=True):
lines.append(line)
chars += len(line)
if chars >= limit > 0:
break
# We may have gone over the limit on the last line, but keep the full line
# anyway to avoid losing part of a multibyte character.
body = EMPTYSTRING.join(lines)
# Get message charset and try encode in list charset
# We get it from the first text part.
# We need to replace invalid characters here or we can throw an uncaught
# exception in doc.Format().
for part in msg.walk():
if part.get_content_maintype() == 'text':
# Watchout for charset= with no value.
mcset = part.get_content_charset() or 'us-ascii'
break
else:
mcset = 'us-ascii'
lcset = Utils.GetCharSet(mlist.preferred_language)
if mcset <> lcset:
try:
body = unicode(body, mcset, 'replace').encode(lcset, 'replace')
except (LookupError, UnicodeError, ValueError):
pass
hdrtxt = NL.join(['%s: %s' % (k, v) for k, v in msg.items()])
hdrtxt = Utils.websafe(hdrtxt)
# Okay, we've reconstituted the message just fine. Now for the fun part!
t = Table(cellspacing=0, cellpadding=0, width='100%')
t.AddRow([Bold(_('From:')), sender])
row, col = t.GetCurrentRowIndex(), t.GetCurrentCellIndex()
t.AddCellInfo(row, col-1, align='right')
t.AddRow([Bold(_('Subject:')),
Utils.websafe(Utils.oneline(subject, lcset))])
t.AddCellInfo(row+1, col-1, align='right')
t.AddRow([Bold(_('Reason:')), _(reason)])
t.AddCellInfo(row+2, col-1, align='right')
when = msgdata.get('received_time')
if when:
t.AddRow([Bold(_('Received:')), time.ctime(when)])
t.AddCellInfo(row+3, col-1, align='right')
buttons = hacky_radio_buttons(id,
(_('Defer'), _('Approve'), _('Reject'), _('Discard')),
(mm_cfg.DEFER, mm_cfg.APPROVE, mm_cfg.REJECT, mm_cfg.DISCARD),
(1, 0, 0, 0),
spacing=5)
t.AddRow([Bold(_('Action:')), buttons])
t.AddCellInfo(t.GetCurrentRowIndex(), col-1, align='right')
t.AddRow([' ',
''
])
t.AddRow([' ',
'' +
TextBox('forward-addr-%d' % id, size=47,
value=mlist.GetOwnerEmail()).Format()
])
notice = msgdata.get('rejection_notice', _('[No explanation given]'))
t.AddRow([
Bold(_('If you reject this post, ')
def process_form(mlist, doc, cgidata):
global ssort
senderactions = {}
badaddrs = []
# Sender-centric actions
for k in cgidata.keys():
for prefix in ('senderaction-', 'senderpreserve-', 'senderforward-',
'senderforwardto-', 'senderfilterp-', 'senderfilter-',
'senderclearmodp-', 'senderbanp-'):
if k.startswith(prefix):
action = k[:len(prefix)-1]
qsender = k[len(prefix):]
sender = unquote_plus(qsender)
value = cgidata.getfirst(k)
senderactions.setdefault(sender, {})[action] = value
for id in cgidata.getlist(qsender):
senderactions[sender].setdefault('message_ids',
[]).append(int(id))
# discard-all-defers
try:
discardalldefersp = cgidata.getfirst('discardalldefersp', 0)
except ValueError:
discardalldefersp = 0
# Get the summary sequence
ssort = int(cgidata.getfirst('summary_sort', SSENDER))
for sender in senderactions.keys():
actions = senderactions[sender]
# Handle what to do about all this sender's held messages
try:
action = int(actions.get('senderaction', mm_cfg.DEFER))
except ValueError:
action = mm_cfg.DEFER
if action == mm_cfg.DEFER and discardalldefersp:
action = mm_cfg.DISCARD
if action in (mm_cfg.DEFER, mm_cfg.APPROVE,
mm_cfg.REJECT, mm_cfg.DISCARD):
preserve = actions.get('senderpreserve', 0)
forward = actions.get('senderforward', 0)
forwardaddr = actions.get('senderforwardto', '')
byskey = helds_by_skey(mlist, SSENDER)
for ptime, id in byskey.get((0, sender), []):
if id not in senderactions[sender]['message_ids']:
# It arrived after the page was displayed. Skip it.
continue
try:
msgdata = mlist.GetRecord(id)[5]
comment = msgdata.get('rejection_notice',
_('[No explanation given]'))
mlist.HandleRequest(id, action, comment, preserve,
forward, forwardaddr)
except (KeyError, Errors.LostHeldMessage):
# That's okay, it just means someone else has already
# updated the database while we were staring at the page,
# so just ignore it
continue
# Now see if this sender should be added to one of the nonmember
# sender filters.
if actions.get('senderfilterp', 0):
# Check for an invalid sender address.
try:
Utils.ValidateEmail(sender)
except Errors.EmailAddressError:
# Don't check for dups. Report it once for each checked box.
badaddrs.append(sender)
else:
try:
which = int(actions.get('senderfilter'))
except ValueError:
# Bogus form
which = 'ignore'
if which == mm_cfg.ACCEPT:
mlist.accept_these_nonmembers.append(sender)
elif which == mm_cfg.HOLD:
mlist.hold_these_nonmembers.append(sender)
elif which == mm_cfg.REJECT:
mlist.reject_these_nonmembers.append(sender)
elif which == mm_cfg.DISCARD:
mlist.discard_these_nonmembers.append(sender)
# Otherwise, it's a bogus form, so ignore it
# And now see if we're to clear the member's moderation flag.
if actions.get('senderclearmodp', 0):
try:
mlist.setMemberOption(sender, mm_cfg.Moderate, 0)
except Errors.NotAMemberError:
# This person's not a member any more. Oh well.
pass
# And should this address be banned?
if actions.get('senderbanp', 0):
# Check for an invalid sender address.
try:
Utils.ValidateEmail(sender)
except Errors.EmailAddressError:
# Don't check for dups. Report it once for each checked box.
badaddrs.append(sender)
else:
if sender not in mlist.ban_list:
mlist.ban_list.append(sender)
# Now, do message specific actions
banaddrs = []
erroraddrs = []
for k in cgidata.keys():
formv = cgidata[k]
if type(formv) == ListType:
continue
try:
v = int(formv.value)
request_id = int(k)
except ValueError:
continue
if v not in (mm_cfg.DEFER, mm_cfg.APPROVE, mm_cfg.REJECT,
mm_cfg.DISCARD, mm_cfg.SUBSCRIBE, mm_cfg.UNSUBSCRIBE,
mm_cfg.ACCEPT, mm_cfg.HOLD):
continue
# Get the action comment and reasons if present.
commentkey = 'comment-%d' % request_id
preservekey = 'preserve-%d' % request_id
forwardkey = 'forward-%d' % request_id
forwardaddrkey = 'forward-addr-%d' % request_id
bankey = 'ban-%d' % request_id
# Defaults
try:
if mlist.GetRecordType(request_id) == HELDMSG:
msgdata = mlist.GetRecord(request_id)[5]
comment = msgdata.get('rejection_notice',
_('[No explanation given]'))
else:
comment = _('[No explanation given]')
except KeyError:
# Someone else must have handled this one after we got the page.
continue
preserve = 0
forward = 0
forwardaddr = ''
if cgidata.has_key(commentkey):
comment = cgidata[commentkey].value
if cgidata.has_key(preservekey):
preserve = cgidata[preservekey].value
if cgidata.has_key(forwardkey):
forward = cgidata[forwardkey].value
if cgidata.has_key(forwardaddrkey):
forwardaddr = cgidata[forwardaddrkey].value
# Should we ban this address? Do this check before handling the
# request id because that will evict the record.
if cgidata.getfirst(bankey):
sender = mlist.GetRecord(request_id)[1]
if sender not in mlist.ban_list:
# We don't need to validate the sender. An invalid address
# can't get here.
mlist.ban_list.append(sender)
# Handle the request id
try:
mlist.HandleRequest(request_id, v, comment,
preserve, forward, forwardaddr)
except (KeyError, Errors.LostHeldMessage):
# That's okay, it just means someone else has already updated the
# database while we were staring at the page, so just ignore it
continue
except Errors.MMAlreadyAMember, v:
erroraddrs.append(v)
except Errors.MembershipIsBanned, pattern:
sender = mlist.GetRecord(request_id)[1]
banaddrs.append((sender, pattern))
# save the list and print the results
doc.AddItem(Header(2, _('Database Updated...')))
if erroraddrs:
for addr in erroraddrs:
addr = Utils.websafe(addr)
doc.AddItem(`addr` + _(' is already a member') + '
please explain (optional):')),
TextArea('comment-%d' % id, rows=4, cols=EXCERPT_WIDTH,
text = Utils.wrap(_(notice), column=80))
])
row, col = t.GetCurrentRowIndex(), t.GetCurrentCellIndex()
t.AddCellInfo(row, col-1, align='right')
t.AddRow([Bold(_('Message Headers:')),
TextArea('headers-%d' % id, hdrtxt,
rows=EXCERPT_HEIGHT, cols=EXCERPT_WIDTH, readonly=1)])
row, col = t.GetCurrentRowIndex(), t.GetCurrentCellIndex()
t.AddCellInfo(row, col-1, align='right')
t.AddRow([Bold(_('Message Excerpt:')),
TextArea('fulltext-%d' % id, Utils.websafe(body),
rows=EXCERPT_HEIGHT, cols=EXCERPT_WIDTH, readonly=1)])
t.AddCellInfo(row+1, col-1, align='right')
form.AddItem(t)
form.AddItem('
')
if banaddrs:
for addr, patt in banaddrs:
addr = Utils.websafe(addr)
doc.AddItem(_('%(addr)s is banned (matched: %(patt)s)') + '
')
if badaddrs:
for addr in badaddrs:
addr = Utils.websafe(addr)
doc.AddItem(`addr` + ': ' + _('Bad/Invalid email address') +
'
')