| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mailman/app/moderator.py: Most of the application level interface
provided by ListAdmin is moved here now, including the ability to hold
messages, subscriptions, and unsubscriptions, and to handle message
(defer, discard, reject, accept). More work needed.
Some untested conversion of API in Mailman/Cgi/admindb.py, confirm.py,
bin/checkdbs.py.
messagestore.py: Don't use or require the Date: header in the global
message ID calculation. As described on the mailing list, we're only
going to use the Message-ID header.
IListRequests: added count_of() and of_type() methods.
|
| |
|
|
|
|
|
|
|
|
| |
checkbox
when there are only (un)subscribes and no held messages.
- Added a separator and heading for "Held Messages" like the ones for
"Subscribe Requests" and "Unsubscribe Requests".
- Added additional test to not display "Database Updated ..." when
coming from the login page.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://mailman.svn.sourceforge.net/svnroot/mailman/branches/tmp-sqlalchemy-branch
................
r8114 | bwarsaw | 2006-12-06 00:16:54 -0500 (Wed, 06 Dec 2006) | 44 lines
Initial take on using SQLAlchemy to store list data in lieu of Python pickles.
While all the list data (including OldStyleMemberships attributes) are stored
in the database, many attributes are stored as PickleTypes binary data. This
isn't idea but it gets things working until a more sophisticated schema can be
developed.
MailList class is now a new-style class, as is required by SQLAlchemy. This
makes several things, er, interesting. Rip out all the low-level pickle
reading and writing stuff. Hook SA transaction events into Lock() and
Unlock(). Move the hooking of the _memberadaptor into InitTempVars(), which
gets called by the SQLAlchemy hooks (MailList.__init__() never is).
Add an initialize.py module which centralizes all the initialization bits that
command line scripts have to do, including configuration, logging, and atabase
initialization.
This change also converts bin/withlist to mmshell wrapper.
Update to SQLAlchemy 0.3.1.
Revamp paths.py.in considerably. There were several problems with the old
way. We no longer disable default loading of site-packages so we don't need
to add Python's site-packages back to sys.path. Also, because
site.addsitedir() causes things like .pth paths to be /appended/ to sys.path,
they actually won't override any site-installed packages. E.g. if SQLAlchemy
is installed in the system Python, our version will not override. IIUC,
setuptools-based packages can be configured to work properly in the face of
package versions, however not all packages we currently depend on are
setuptools-based. So instead, we steal a bit of stuff from site.py but change
things so the prepend .pth stuff to sys.path.
Update several modules to use True/False and whitespace normalization.
Convert from mm_cfg to config object. Modernize a few coding constructs.
Add a couple of exceptions to handle database problems.
In the export script, include the widget type in the elements. This helped in
my stupid little throw away conversion script, but I think it will be more
generally useful.
Add an interact.py module which refactors interactive interpreter access.
Mostly this is used by withlist -i, but it lets us import Mailman.interact and
drop into a prompt just about anywhere (e.g. debugging).
................
r8115 | bwarsaw | 2006-12-07 09:13:56 -0500 (Thu, 07 Dec 2006) | 22 lines
Start to flesh out more of the SQLAlchemy mechanisms.
Added a MailList.__new__() which hooks instantiation to use a query on
dbcontext to get an existing mailing list. A 'no-args' call means we're doing
a Create(), though eventually that will change too.
For now, disable the CheckVersion() call. Eventually this will be folded into
schema migration.
list_exists(): Rewrite to use the dbcontext query to determine if the named
mailing list exists or not. Requires the fqdn_listname.
Eradicate two failed member adaptors: BDBMemberAdaptor and SAMemberships.
Change the way the DBContext holds onto tables. It now keeps a dictionary
mapping the table's name to the SA Table instance. This makes it easier to
look up and use the individual tables.
Add 'web_page_url' as an attribute managed by SA, and remove a debugging
print.
................
r8116 | bwarsaw | 2006-12-11 07:27:47 -0500 (Mon, 11 Dec 2006) | 29 lines
Rework the whole dbcontext and transaction framework. SA already handles
nested transactions so we don't have to worry about them. However, we do have
the weird situation where some transactions are tied to MailList
.Lock()/.Unlock()/.Save() and some are tied to non-mlist actions. So now we
use an @txn decorator to put methods in a session transaction, but then we
also hook into the above MailList methods as possibly sub-transactions. We
use a weakref subclass to manage the MailList interface, with a dictionary
mapping MailList fqdn_listnames against transactions. The weakrefs come in by
giving us a callback when a MailList gets derefed such that we're guaranteed
to rollback any outstanding transaction.
Also, we have one global DBContext instance but rather than force the rest of
Mailman to deal with context objects, instead we expose API methods on that
object into the Mailman.database module, which the rest of the code will use.
Such methods must be prepended with 'api_' to get exposed this way.
bin/rmlist now works with the SA-backend. I refactored the code here so that
other code (namely, the test suite) can more easily and consistently remove a
mailing list. This isn't the best place for it ultimately, but it's good
enough for now.
New convenience functions Utils.split_listname(), .fqdn_listname().
Convert testall to use Mailman.initialize.initialize(). Not all tests work,
but I'm down to only 8 failures and 7 errors. Also, do a better job of
recovering from failures in setUp().
MailList.__new__() now takes keyword arguments.
................
r8117 | bwarsaw | 2006-12-11 22:58:06 -0500 (Mon, 11 Dec 2006) | 7 lines
Unit test repairs; even though the unit tests are still pretty fragile,
everything now passes with the SQLAlchemy storage of list data.
Added missing 'personalize' column. Converted mailmanctl and qrunner to
initialize() interface. Fixed _cookie_path() to not fail if SCRIPT_NAME is
not in the environment.
................
r8118 | bwarsaw | 2006-12-27 18:45:41 -0500 (Wed, 27 Dec 2006) | 21 lines
Utils.list_names(): Use a database query to get all the list names.
dbcontext.py: Added api_get_list_names() to support Utils.list_names().
listdata.py: Added two additional MailList attributes which need to be stored
in the database. The first is 'admin_member_chunksize' which isn't modifiable
from the web. The second is 'password' which holds the list's password.
HTMLFormatObject: item strings can now be unicodes.
bin/list_lists.py: Must call initialize() to get the database properly
initialized, not just config.load(). This will be a common theme.
SecurityManager.py:
- Remove md5 and crypt support
- Added mailman.debug logger, though it will be only used during
debugging.
- The 'secret' can be a unicode now.
- A few coding style updates; repr() instead of backticks, 'key in dict'
instead of 'dict.has_key(key)'
................
r8119 | bwarsaw | 2006-12-27 19:13:09 -0500 (Wed, 27 Dec 2006) | 2 lines
genaliases.py: config.load() -> initialize()
................
r8120 | bwarsaw | 2006-12-27 19:17:26 -0500 (Wed, 27 Dec 2006) | 9 lines
Blocked revisions 8113 via svnmerge
........
r8113 | bwarsaw | 2006-12-05 23:54:30 -0500 (Tue, 05 Dec 2006) | 3 lines
Initialized merge tracking via "svnmerge" with revisions "1-8112" from
https://mailman.svn.sourceforge.net/svnroot/mailman/branches/tmp-sqlalchemy-branch
........
................
r8121 | bwarsaw | 2006-12-28 23:34:52 -0500 (Thu, 28 Dec 2006) | 20 lines
Remove SIGTERM handling from all the CGI scripts. This messes with HTTPRunner
because when you issue "mailmanctl stop" after the signal handler has been
installed, the process will get a SIGTERM, the signal handler will run, and
the process will exit with a normal zero code. This will cause mailmanctl to
try to restart the HTTPRunner.
I don't think we need that stuff at all when running under wsgi with a
SQLAlchemy backend. If mailmanctl kills the HTTPRunner in the middle of the
process, I believe (but have not tested) that the transaction should get
properly rolled back at process exit. We need to make sure about this, and
also we need to test the signal handling functionality under traditional CGI
environment (if we even still want to support that).
Also, make sure that we don't try to initialize the loggers twice in qrunner.
This was the cause of all the double entries in logs/qrunner.
Fix a coding style nit in mailmanctl.py.
De-DOS-ify line endings in loginit.py.
................
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Configurable no-list error.
- Ultimate loop stop address in transport -> aliases.
- LMTP_ONLY_DOMAIN needs no individual transport entry.
- Use of alias/lmtp is exclusive.
WSGI brushups.
- _cookie_path() was made simple and retain common cookie for
admin/admindb/... etc.
- Removed absolute=1 from admindb/confirm/create/options.
configuration.py
- Use of add_runner() in etc/mailman.cfg needs change. config
is not loaded yet?
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and some of the admindb.py links. There may still be breakage in other parts
of the interface and I haven't gone back to verify that traditional CGI still
works.
Changes:
- Add wsgiref-0.1.2-py2.4.egg so that we can still do WSGI in Python 2.4,
which doesn't come with wsgiref. Of course this means we /also/ have to add
setuptools-0.5c3 because eggs require setuptools.
- Style cleanups in HTTPRunner.py and wsgi_app.py. Also, use cStringIO
instead of StringIO.
- All internal links within the listinfo and admin pages are (or at least
should be ;) relative now. This should make other things better, such as
running Mailman over https or alternative ports. It does kind of mean that
web_page_url is obsolete, but I haven't looked at whether we can completely
eradicate it.
- ValidateEmail(): Use ' ' in s instead of s.count(' ') > 0.
- GetPathPieces(): When path is false, return the empty list instead of None,
so we can still len() it.
- ScriptURL(): Much simpler. To support relative urls as the default, we
change the API so that it only takes a 'target' argument (i.e. the script we
want to link to). It no longer takes 'absolute' or 'web_page_url', and it
constructs its link from GetPathPieces(), the target, and the cgi extension.
- GetRequestURI(): code style updates.
- Mailman/bin/show_config.py: De-DOS-line-ending-ification.
- export.py: A few modifications, although this is likely still not final (I'm
still working on the import script). First, for <option> elements, don't
put the value in an attribute, put it in the text body of the element.
Second, put the list <option> tags in a <configuration> element. Third, put
the preferred language on an <option> tag with a 'preferred_language'
name attribute value.
- SecurityManager: Make sure that MakeCookie() and ZapCookie() use the same
'path' cookie value by refactoring that into a separate method. That method
now returns just the SCRIPT_NAME and the full listname. web_page_url
doesn't enter into it.
- loginit.py: Add a 'debug' logger since it's just too useful to have :)
- admin.py: Remove the extra / right before the query string in ?VARHELP
urls. That extra / turns out to be problematic with the relative url scheme
we're using now.
- Auth.py: whitespace normalization and copyright years update. Also, remove
a couple of unnecessary imports. Also, make sure that the actionurl is
relative.
- create.py: Typo.
- private.py: mm_cfg -> config object
- In MailList.py: GetScriptURL() can be written in terms of Utils.ScriptURL()
now.
|
| |
|
|
|
|
|
|
| |
the new configuration object: admin, admindb, bounces, confirm, inject, join,
leave, owner, post, request, unshunt, version.
Also change MailList.GetScriptURL() to return the list's fully qualified name
in links.
|
| |
|
| |
details=all page.
|
| | |
|
| |
|
|
|
|
| |
the builtin types. Two still remain: a check against ClassType and a check
against MethodType. Also, fix some hinky type comparisons to use isinstance()
consistently.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
traces of our crufty old Syslog. Most of this work was purely mechanical,
except for:
1) Initializing the loggers. For this, there's a new module
Mailman/loginit.py (yes all modules from now on will use PEP 8
names). We can't call this 'logging.py' because that will
interfere with importing the stdlib module of the same name (can
you say Python 2.5 and absolute imports?).
If you want to write log messages both to the log file and to
stderr, pass True to loginit.initialize(). This will turn on
propagation of log messages to the parent 'mailman' logger, which
is set up to print to stderr. This is how bin/qrunner works when
not running as a subprocess of mailmanctl.
2) The driver script. I had to untwist the StampedLogger stuff and
implement differently printing exceptions and such to log/error
because standard logging objects don't have a write() method. So
we write to a cStringIO and then pass that to the logger.
3) SMTPDirect.py because of the configurability of the log messages.
This required changing SafeDict into a dict subclass (which is
better than using UserDicts anyway -- yay Python 2.3!). It's
probably still possible to flummox things up if you change the
name of the loggers in the SMTP_LOG_* variables in mm_cfg.py.
However, the worst you can do is cause output to go to stderr and
not go to a log file.
Note too that all entry points into the Mailman system must call
Mailman.loginit.initialize() or the log output will go to stderr
(which may occasionally be what you want). Currently all CGIs and
qrunners should be working properly.
I wish I could have tested all code paths that touch the logger, but
that's infeasible. I have tested this, but it's possible that there
were some mistakes in the translation.
- Mailman.Bouncers.BounceAPI.Stop is a singleton, but not a class
instance any more.
- True/False code cleanup, PEP 8 import restructuring, whitespace
normalization, and copyright year updates, as appropriate.
|
| | |
|
| |
|
|
| |
address changes and confirmations of same.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
filter" so that it's clearer that the radio array that follows selects
the bucket the address will be added to.
Backport candidate
|
| | |
|
| |
|
|
|
|
|
| |
If a non-member sends a message which is held, but then the sender
subsequently subscribes to the list, a confusing admindb page is
shown. Now we include a message that the sender has since joined the
list.
|
| | |
|
| |
|
|
|
|
| |
show_helds_overview(): The various show_*() methods now return the
number of items (or an approximation) they have formatted for display.
If it's zero, then don't add the form to the final output in main().
|
| |
|
|
|
| |
nice when METADATA_FORMAT = METAFMT_ASCII. This is part of patch
#567288 by Maximillian Dornseif.
|
| |
|
|
|
| |
just an empty string. This avoids seeing the u'' when no real name
was given.
|
| |
|
|
| |
full name.
|
| |
|
|
|
|
| |
Heinlein, show the received time of the held message, if available.
Also, some minor u/i tweaking.
|
| |
|
|
|
| |
the version converted to the charset of the web page (or with &#XYZ;
conversion).
|
| |
|
|
|
| |
translated. Closes SF bug #596361 by Tokio Kikuchi, albeit with a
slightly different patch.
|
| |
|
|
|
| |
link so you don't have to go back to the admin page if more helds have
shown up.
|
| |
|
|
|
| |
Also, use Utils.websafe() consistently throughout, instead of the
inconsistent calls to cgi.escape().
|
| |
|
|
|
|
|
| |
from the web view of pending actions, and from the database.
Arguably, we should do this when we add the subscriptions in the first
place, but that's inconvenient because we don't maintain the proper
data structures in the request.db database.
|
| |
|
|
| |
record in a message held request is always 6.
|
| |
|
|
|
|
|
| |
displaying so that nasty HTML can't sneak in. Also, set the readonly
attribute to true when creating the Message Headers and Message
Excerpt text boxes. This avoids the misperception that you can edit
the message before it's approved.
|
| |
|
|
| |
email addresses requesting subscription or unsubscription.
|
| |
|
|
|
|
|
|
|
|
| |
expansion of d['description'] referenced a local `esender' which, due
to code re-org wasn't defined. Define esender so as to avoid
cross-site scripting exploit.
Second, it wasn't correct to omit the form and submit button any time
there were ?details=... Fix this so that each stanza can decide
whether to add the form or not.
|
| |
|
|
|
|
|
|
|
|
| |
Also, in pending subscriptions listing, add a checkbox which will add
the address to the ban_list.
show_helds_overview(): Add a checkbox which will add the address to
the ban_list.
process_form(): Handle adding the address to the ban_list.
|
| |
|
|
|
|
|
|
| |
pending results), be sure we still save the list!
show_helds_overview(), process_form(): When messages are being held by
a moderated member, give the list admin a chance to clear the moderate
bit.
|
| |
|
|
| |
assertion. This fixes subscription approvals.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this five years from now ;). In brief,
We now organize held postings by sender address and this "summary" is
what's presented when .../mailman/admindb/listname is visited. The
pending subs and unsubs don't change, but the preamble is shorted
(with links to more detailed instructions).
For each group of held messages, you can click on one link to see the
details of the all the messages sent by a single address, or you can
click on a different link to view the details of just a single
message. A third link lets you view the details of all the held
messages, just like the old admindb page used to give you.
The details page is just like the old admindb in form and function,
except that ADMINDB_PAGE_TEXT_LIMIT now works ;) and there are links
back to the summary page.
One additional neat hack is that on the summary page, there's an
option to add an email address to one of the auto sender filter lists
(viewable in the admin/privacy/sender screen). This is only visible
if the address isn't already on one of the four filter lists.
Where this should be a boon is if you've got a bunch of messages being
held that are coming from the same address, and they all appear to be
spam. You can discard them all in one fell swoop (no click-'n'-scroll
necessary!), and add them to the auto-discard list, so you never have
to worry about them again.
Note that if what you wanted to do was add a regexp to say the
auto-discard list, you'd have to first add this address, then go to
the admin/privacy/sender page and edit the address into a regexp
filter. Easily done, while reducing the complexity of the admindb
summary page, which already pushes the edge of "too busy".
|
| |
|
|
|
| |
excerpt so that it can't sneak in table breaking HTML or evil
Javascript. Fixes SF bug #486340. Patch and report by Greg Lindahl.
|
| |
|
|
|
|
|
|
|
|
| |
Fixes to prevent cross-site scripting exploits. See
http://www.cert.org/advisories/CA-2000-02.html
Reported by zeno@cgisecurity.com
Fix is to cgi.escape() any strings regurgitated from the url back to
the browser in the html response.
|
| |
|
|
|
| |
the admin database, otherwise it won't be in the list's preferred
language.
|
| |
|
|
| |
should just use the empty string if there's no real name.
|
| | |
|
| |
|
|
|
| |
message (because of ADMINDB_PAGE_TEXT_LIMIT), join the strings with
the empty string, not newlines.
|
| |
|
|
|
|
|
|
| |
Also, use cStringIO directly instead of our own hack-around StringIO
module.
admindb.py: Use ListAdmin.readMessage() to actually read the contents
of the message from disk.
|
| |
|
|
| |
requests database automatically updates its schema now.
|
| |
|
|
|
|
| |
full names are shown along with the email address (if it is
known). Also, backwards compatibility with pre-2.1a3 pending
database records (before a3 they didn't include the fullname).
|
| |
|
|
|
|
|
|
|
|
|
| |
when the admin is trying to login with an empty password field.
When WebAuthenticate() fails, check the `adminpw' cgi key to
determine whether this was a login attempt, or the first visit of
this link.
show_requests(): SUBSCRIPTION pending records now include the supplied
user real name (i.e. fullname), so use this when unpacking the
tuple.
|
| |
|
|
| |
the error code on e.errno, not e.code. Found by Mentor Cana.
|
